Windows Analysis Report
99.exe

Overview

General Information

Sample name: 99.exe
Analysis ID: 1559173
MD5: d493468d3a2924d4c9c235451c67e2aa
SHA1: d9f76deb08187b4c70cca18eccb456f0571f6404
SHA256: 159b20c6cdcee8b9c746d8b7d97efc8a24bc50e4e124715839178b61f30eccce
Tags: exe, opendir, user-Joker

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for sample
Renames NTDLL to bypass HIPS
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Enables driver privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • 99.exe (PID: 3800 cmdline: "C:\Users\user\Desktop\99.exe" MD5: D493468D3A2924D4C9C235451C67E2AA)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: 99.exe PID: 3800 | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: 99.exe | ReversingLabs: Detection: 50%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.5% probability
    Source: 99.exe | Joe Sandbox ML: detected

    Compliance

    Source: C:\Users\user\Desktop\99.exe | Unpacked PE file: 0.2.99.exe.10000000.2.unpack
    Source: 99.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: Binary string: devco n.pdbo source: 99.exe
    Source: Binary string: wntdll.pdbUGP source: 99.exe, 00000000.00000003.2176501070.0000000002668000.00000004.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000002.3436711771.0000000002812000.00000040.00000020.00020000.00000000.sdmp, 709f3c.tmp.0.dr
    Source: Binary string: wntdll.pdb source: 99.exe, 00000000.00000003.2176501070.0000000002668000.00000004.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000002.3436711771.0000000002812000.00000040.00000020.00020000.00000000.sdmp, 709f3c.tmp.0.dr
    Source: Binary string: wuser32.pdb source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp, 709faa.tmp.0.dr
    Source: Binary string: DrvInDM U.pdbe source: 99.exe
    Source: Binary string: wuser32.pdbUGP source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp, 709faa.tmp.0.dr
    Source: Binary string: devc@on.pdb source: 99.exe
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0053C235 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,0_2_0053C235
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00510400 InternetReadFile
    Source: 99.exe | String found in binary or memory: http://.httpsset-cookie:;;
    Source: 99.exe | String found in binary or memory: http://ocsp.t
    Source: 99.exe | String found in binary or memory: http://sf.symc
    Source: 99.exe | String found in binary or memory: http://ts-ocsp.ws.s
    Source: 99.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.
    Source: 99.exe | String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$ (www.eyuyan.com is the site of Easy Programming Language, 易语言; its compiler writes this URL into the version resource, which together with the repeated "4x nop then cmp [ebp-xx], esp" stack checks listed above points to an EPL-compiled sample)
    Source: 99.exe | String found in binary or memory: https://note.youdao.com/yws/public/note/fee7522094b30863456a85ffb799784a?sev=j1
    Source: 99.exe | String found in binary or memory: https://ww(w.v
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits
    Source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp | Binary or memory string: GetRawInputData | memstr_86e88561-1
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0054090F GetKeyState,GetKeyState,GetKeyState,GetKeyState
    Source: Yara match | File source: Process Memory Space: 99.exe PID: 3800, type: MEMORYSTR
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_10007FDD NtClose
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1001419C ReleaseMutex,NtClose
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1001221F NtClose
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0053E089
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0046C0E4
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0045108F
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004C1190
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004CB610
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004C98C0
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004688EA
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004E5A10
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00533A36
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00433C2C
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004ACCC0
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00537C82
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0048FCAC
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_100032EA
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_10002628
    Source: C:\Users\user\Desktop\99.exe | Process token adjusted: Load Driver
    Source: C:\Users\user\Desktop\99.exe | Process token adjusted: Security
    Source: C:\Users\user\Desktop\99.exe | Code function: String function: 10029640 appears 65 times
    Source: C:\Users\user\Desktop\99.exe | Code function: String function: 0052D0F4 appears 35 times
    Source: 709f3c.tmp.0.dr | Static PE information: Resource name: RT_MESSAGETABLE type: PDP-11 separate I&D executable not stripped
    Source: 709f3c.tmp.0.dr | Static PE information: No import functions for PE file found
    Source: 99.exe, 00000000.00000002.3436899930.0000000002A72000.00000040.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename user32j% vs 99.exe
    Source: 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename user32j% vs 99.exe
    Source: 99.exe, 00000000.00000003.2176501070.000000000278B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename ntdll.dllj% vs 99.exe
    Source: 99.exe, 00000000.00000002.3436711771.000000000293F000.00000040.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename ntdll.dllj% vs 99.exe
    Source: 99.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: 709f3c.tmp.0.dr | Binary string: \Device\IPT[
    Source: classification engine | Classification label: mal72.evad.winEXE@1/4@0/0
    Source: C:\Users\user\Desktop\99.exe | File created: C:\Users\user\Desktop\ .ini
    Source: C:\Users\user\Desktop\99.exe | Mutant created: NULL
    Source: C:\Users\user\Desktop\99.exe | File created: C:\Users\user\AppData\Local\Temp\709f3c.tmp
    Source: 99.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\99.exe | File read: C:\Users\user\Desktop\ .ini
    Source: C:\Users\user\Desktop\99.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: 99.exe | ReversingLabs: Detection: 50%
    Source: C:\Users\user\Desktop\99.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: rasapi32.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: rasman.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: textinputframework.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: coreuicomponents.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\99.exe | Section loaded: textshaping.dll
    Source: C:\Users\user\Desktop\99.exe | File written: C:\Users\user\Desktop\ .ini
    Source: 99.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
    Source: 99.exe | Static file information: File size 2240512 > 1048576
    Source: 99.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14b000
    Source: Binary string: devco n.pdbo | source: 99.exe
    Source: Binary string: wntdll.pdbUGP | source: 99.exe, 00000000.00000003.2176501070.0000000002668000.00000004.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000002.3436711771.0000000002812000.00000040.00000020.00020000.00000000.sdmp, 709f3c.tmp.0.dr
    Source: Binary string: wntdll.pdb | source: 99.exe, 00000000.00000003.2176501070.0000000002668000.00000004.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000002.3436711771.0000000002812000.00000040.00000020.00020000.00000000.sdmp, 709f3c.tmp.0.dr
    Source: Binary string: wuser32.pdb | source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp, 709faa.tmp.0.dr
    Source: Binary string: DrvInDM U.pdbe | source: 99.exe
    Source: Binary string: wuser32.pdbUGP | source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp, 709faa.tmp.0.dr
    Source: Binary string: devc@on.pdb | source: 99.exe
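The evidence for the "Renames NTDLL to bypass HIPS" verdict is in the rows above: two PE files dropped into %TEMP% under .tmp names whose version resource says OriginalFilename ntdll.dll / user32, whose PDB strings are wntdll.pdb / wuser32.pdb, and one of which (709f3c.tmp) imports nothing, exactly as ntdll does. A triage script can confirm that kind of finding without a sandbox by reading the PE export-directory name (the DLL's own name, the same identity the version resource carries under a different header) and comparing it with the on-disk file name. The following is an added example, not code from the report or from the sample: pure-stdlib Python with a minimal PE32/PE32+ reader. The dropped file is not available here, so the input is a constructed PE image built in-line by build_sample_pe; the SYSTEM_DLLS watch list is an assumption of the example.

```python
import ntpath
import struct

# DLL names whose export name must match the file name they sit under (example's own list).
SYSTEM_DLLS = {"ntdll.dll", "user32.dll", "kernel32.dll", "kernelbase.dll"}


def _u16(b, off):
    return struct.unpack_from("<H", b, off)[0]


def _u32(b, off):
    return struct.unpack_from("<I", b, off)[0]


def pe_identity(data: bytes) -> dict:
    """Read machine, DLL flag, export-directory name and import presence of a PE image.
    Only the COFF header, the data directories and the section table are parsed."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = _u32(data, 0x3C)                       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine = _u16(data, pe + 4)
    nsect = _u16(data, pe + 6)
    opt_size = _u16(data, pe + 20)
    chars = _u16(data, pe + 22)
    opt = pe + 24
    magic = _u16(data, opt)
    if magic == 0x10B:                          # PE32
        ndirs, dirs = _u32(data, opt + 92), opt + 96
    elif magic == 0x20B:                        # PE32+
        ndirs, dirs = _u32(data, opt + 108), opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(nsect):                      # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rsize, roff = struct.unpack_from("<IIII", data, opt + opt_size + i * 40 + 8)
        sections.append((vaddr, max(vsize, rsize), roff))

    def rva_to_off(rva):
        for vaddr, size, roff in sections:
            if vaddr <= rva < vaddr + size:
                return roff + (rva - vaddr)
        raise ValueError("RVA 0x%x not backed by any section" % rva)

    export_name = None
    if ndirs >= 1:
        exp_rva, exp_size = struct.unpack_from("<II", data, dirs)
        if exp_rva and exp_size:
            name_rva = _u32(data, rva_to_off(exp_rva) + 12)   # IMAGE_EXPORT_DIRECTORY.Name
            off = rva_to_off(name_rva)
            export_name = data[off:data.index(b"\0", off)].decode("ascii", "replace")
    has_imports = False
    if ndirs >= 2:
        imp_rva, imp_size = struct.unpack_from("<II", data, dirs + 8)
        has_imports = bool(imp_rva and imp_size)
    return {"machine": machine, "is_dll": bool(chars & 0x2000),
            "export_name": export_name, "has_imports": has_imports}


def renamed_system_dll(path: str, data: bytes):
    """Return the real DLL name when `path` holds a watched system DLL under another file name, else None."""
    name = (pe_identity(data)["export_name"] or "").lower()
    if name in SYSTEM_DLLS and ntpath.basename(path).lower() != name:
        return name
    return None


def triage_dropped(files: dict) -> dict:
    """files: {path: image bytes}. Returns {path: real DLL name} for every renamed system DLL found."""
    found = {(p, renamed_system_dll(p, d)) for p, d in files.items()}
    return {p: n for p, n in found if n}


def build_sample_pe(export_name: str) -> bytes:
    """Constructed stand-in for a dropped file: a minimal PE32 DLL with one section holding an
    export directory that names `export_name`, and no import directory (709f3c.tmp has none)."""
    sect_rva, sect_off, falign = 0x1000, 0x200, 0x200
    name = export_name.encode("ascii") + b"\0"
    export_dir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, sect_rva + 40, 1, 0, 0, 0, 0, 0)
    body = export_dir + name
    body += b"\0" * (-len(body) % falign)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)  # i386, 1 section, DLL|EXE|32BIT
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, len(body), 0, 0, 0, sect_rva, sect_rva)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x10000000, 0x1000, falign,
                       4, 0, 0, 0, 4, 0, 0, sect_rva + 0x1000, sect_off, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = struct.pack("<II", sect_rva, len(export_dir) + len(name)) + b"\0" * (8 * 15)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), sect_rva, len(body), sect_off,
                       0, 0, 0, 0, 0x60000020)
    hdr = dos + coff + opt + dirs + sect
    return hdr + b"\0" * (sect_off - len(hdr)) + body


if __name__ == "__main__":
    drops = {r"C:\Users\user\AppData\Local\Temp\709f3c.tmp": build_sample_pe("ntdll.dll"),
             r"C:\Users\user\AppData\Local\Temp\helper.tmp": build_sample_pe("helper.dll")}
    for path, real in triage_dropped(drops).items():
        print("%s is a renamed copy of %s (imports: %s)" % (path, real, pe_identity(drops[path])["has_imports"]))
```

On a real host, replace the constructed images with the bytes of the files in %TEMP%; the export-directory check catches copies the version resource has been stripped from, and a missing import directory on a DLL-flagged file is by itself worth a second look.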

    Data Obfuscation

    Source: C:\Users\user\Desktop\99.exe | Unpacked PE file: 0.2.99.exe.10000000.2.unpack
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004C0410 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary
    Source: 709f3c.tmp.0.dr | Static PE information: section name: RT
    Source: 709f3c.tmp.0.dr | Static PE information: section name: .mrdata
    Source: 709f3c.tmp.0.dr | Static PE information: section name: .00cfg
    Source: 709faa.tmp.0.dr | Static PE information: section name: .didat
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0052D0F4 push eax; ret | 0_2_0052D112
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0040AAA8 push es; retf 0009h | 0_2_0040AAA9
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0040AB5D push eax; retf 0060h | 0_2_0040AB63
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0052AD60 push eax; ret | 0_2_0052AD8E
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1002C7F8 push edi; ret | 0_2_1002C7FC
    Source: 709f3c.tmp.0.dr | Static PE information: section name: .text entropy: 6.844715065913507
    Source: C:\Users\user\Desktop\99.exe | File created: C:\Users\user\AppData\Local\Temp\709faa.tmp
    Source: C:\Users\user\Desktop\99.exe | File created: C:\Users\user\AppData\Local\Temp\709f3c.tmp
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00528D93 IsIconic,GetWindowPlacement,GetWindowRect
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1001F2ED IsWindow,IsIconic,GetDCEx,GetDCEx,GetWindowInfo,GetWindowRect,CreateCompatibleDC,CreateDIBSection,SelectObject,CreateCompatibleDC,SelectObject,PrintWindow,BitBlt,BitBlt,BitBlt,SelectObject,GetDIBits
    Source: C:\Users\user\Desktop\99.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\99.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\99.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\99.exe | Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess | graph_0-104409
    Source: C:\Users\user\Desktop\99.exe | File opened: C:\Windows\SysWOW64\ntdll.dll
    Source: C:\Users\user\Desktop\99.exe | File opened: C:\Windows\SysWOW64\ntdll.dll
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00421D8D rdtsc
    Source: C:\Users\user\Desktop\99.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\709faa.tmp
    Source: C:\Users\user\Desktop\99.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\709f3c.tmp
    Source: C:\Users\user\Desktop\99.exe | Evasive API call chain: GetSystemTime,DecisionNodes | graph_0-103869
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0053C235 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0041C420 GetSystemInfo
    Source: 99.exe, 00000000.00000002.3436030706.00000000009BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\99.exe | API call chain: ExitProcess graph end node | graph_0-104523
    Source: C:\Users\user\Desktop\99.exe | Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00421D8D rdtsc
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_10004B1B LdrInitializeThunk
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004C0410 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0042025F mov ebx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004159DC mov ebx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0041CB04 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_00416E5A mov ebx, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1001A4C7 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_1000AE99 mov eax, dword ptr fs:[00000030h]
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_004AD790 GetProcessHeap,RtlAllocateHeap
    Source: C:\Users\user\Desktop\99.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\99.exe | Process token adjusted: Debug
    Source: 99.exe | Binary or memory string: Shell_TrayWnd
    Source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000002.3436030706.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: GetProgmanWindow
    Source: 99.exe | Binary or memory string: @TaskbarCreatedShell_TrayWndTrayNotifyWndSysPagerToolbarWindow32
    Source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000002.3436030706.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, 99.exe, 00000000.00000003.2177302523.000000000266D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SetProgmanWindow
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0042E43B cpuid
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0052C1C0 GetLocalTime,GetSystemTime,GetTimeZoneInformation
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0052C1C0 GetLocalTime,GetSystemTime,GetTimeZoneInformation
    Source: C:\Users\user\Desktop\99.exe | Code function: 0_2_0053E089 __EH_prolog,GetVersion
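The evasion rows above are the raw material of a triage verdict: PEB reads through fs:[30h] (BeingDebugged and friends), rdtsc timing, cpuid, a mutex-gated exit path, SeDebugPrivilege, key-state polling and a GetRawInputData string. An analyst who works from many such reports parses them rather than reading them. The block below is an added example, not part of the report: it splits signature lines in the flattened form this page uses (Source, then the signature kind, then the body with the trailing link text run on) into records, and tags the indicators just listed. The input lines are copied from this report; the field layout the regexes assume is an assumption about this export, not a documented Joe Sandbox format, and the indicator labels are the example's own.

```python
import re
from collections import defaultdict

# Constructed input: signature lines copied from the report above, in the flattened form
# this export uses (the separators between Source, signature kind, body and link text are gone).
REPORT_LINES = r"""
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_00421D8D rdtsc 0_2_00421D8D
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_0042025F mov ebx, dword ptr fs:[00000030h]0_2_0042025F
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_0041CB04 mov eax, dword ptr fs:[00000030h]0_2_0041CB04
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_1001A4C7 mov eax, dword ptr fs:[00000030h]0_2_1001A4C7
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_0054090F GetKeyState,GetKeyState,GetKeyState,GetKeyState,0_2_0054090F
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_004C0410 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,0_2_004C0410
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_0042E43B cpuid 0_2_0042E43B
Source: C:\Users\user\Desktop\99.exeCode function: 0_2_0053E0890_2_0053E089
Source: C:\Users\user\Desktop\99.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\99.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-104409
Source: 99.exe, 00000000.00000002.3436899930.00000000029CA000.00000040.00000020.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_86e88561-1
""".strip().splitlines()

# Signature kinds seen on this page; the source field is whatever precedes one of them.
KINDS = [
    "Code function", "Binary or memory string", "String found in binary or memory",
    "Evasive API call chain", "API call chain", "Process token adjusted",
    "Process information set", "Process information queried", "Unpacked PE file",
    "Static PE information", "Dropped PE file which has not been started",
    "File opened", "File created", "File read", "File written",
    "Mutant created", "Key opened", "Section loaded",
]
LINE_RE = re.compile(r"^Source: (?P<source>.*?)(?P<kind>" + "|".join(map(re.escape, KINDS)) + r"): (?P<body>.*)$")
# Code-function bodies read "0_2_XXXXXXXX <detail>0_2_XXXXXXXX": the address recurs at the end as link text.
CODE_RE = re.compile(r"^(?P<addr>\d+_\d+_[0-9A-F]{8}) ?(?P<detail>.*?),?(?P=addr)$")
LINK_TAILS = ("Jump to behavior", "Jump to dropped file")
TAIL_RE = re.compile(r"(graph_\d+-\d+|memstr_[0-9a-f]+-\d+)$")


def parse_line(line):
    """Split one flattened signature line into source, kind, body and (for code functions) address.
    Returns None for lines that are not signature rows."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    source, kind, body = m.group("source", "kind", "body")
    for tail in LINK_TAILS:                       # strip the link captions fused onto the body
        if body.endswith(tail):
            body = body[:-len(tail)]
    body = TAIL_RE.sub("", body).strip()          # graph ids / memstr ids are link targets, not data
    rec = {"source": source, "kind": kind, "body": body, "addr": None}
    if kind == "Code function":
        cm = CODE_RE.match(body)
        if cm:
            rec["addr"] = cm.group("addr")
            rec["body"] = cm.group("detail").strip()
    return rec


def triage(lines):
    """Tag the anti-analysis / collection indicators; each value lists where the indicator was seen."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        where = rec["addr"] or rec["source"]
        kind, body = rec["kind"], rec["body"]
        if kind == "Code function":
            apis = set(body.split(","))
            if "fs:[00000030h]" in body:
                hits["reads PEB (fs:[30h])"].append(where)
            if "rdtsc" in apis:
                hits["rdtsc timing"].append(where)
            if "cpuid" in apis:
                hits["cpuid fingerprint"].append(where)
            if "GetKeyState" in apis:
                hits["key-state polling"].append(where)
            if {"LoadLibraryA", "GetProcAddress"} <= apis:
                hits["dynamic API resolution"].append(where)
        elif kind == "Binary or memory string" and body == "GetRawInputData":
            hits["raw input device string"].append(where)
        elif kind == "Process token adjusted" and body == "Debug":
            hits["SeDebugPrivilege"].append(where)
        elif kind == "Evasive API call chain" and body.startswith("CreateMutex"):
            hits["mutex-gated exit"].append(where)
    return dict(hits)


if __name__ == "__main__":
    for label, places in sorted(triage(REPORT_LINES).items()):
        print("%-26s %d  %s" % (label, len(places), ", ".join(places)))
```

Feed it the whole signature section rather than the excerpt and the counts become the per-indicator numbers a triage note would quote; the address list doubles as the worklist for the disassembler.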
    MITRE ATT&CK matrix (Joe Sandbox layout: each tactic column lists six techniques; the leading digits are the report's match counters exactly as rendered, and mark the techniques matched by the signatures above, the remaining entries being unmatched template cells):

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
    Execution: 12 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
    Persistence: 1 LSASS Driver; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
    Privilege Escalation: 1 Process Injection; 1 LSASS Driver; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts
    Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 11 Software Packing; 1 DLL Side-Loading
    Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
    Discovery: 2 System Time Discovery; 21 Security Software Discovery; 2 Process Discovery; 1 Application Window Discovery; 3 File and Directory Discovery; 14 System Information Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
    Collection: 1 Screen Capture; 21 Input Capture; 1 Archive Collected Data; Input Capture; Keylogging; GUI Input Capture
    Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
    Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop
    Antivirus detection (Source | Detection | Scanner | Label):
    99.exe | 50% | ReversingLabs | Win32.Trojan.Generic
    99.exe | 100% | Joe Sandbox ML | -
    Dropped files (Source | Detection | Scanner | Label):
    C:\Users\user\AppData\Local\Temp\709f3c.tmp | 0% | ReversingLabs | -
    C:\Users\user\AppData\Local\Temp\709faa.tmp | 0% | ReversingLabs | -
    No Antivirus matches (two further scan tables are empty)
    URLs (Source | Detection | Scanner | Label):
    https://ww(w.v | 0% | Avira URL Cloud | safe
    http://sf.symc | 0% | Avira URL Cloud | safe
    http://.httpsset-cookie:;; | 0% | Avira URL Cloud | safe
    http://ts-ocsp.ws.symantec. | 0% | Avira URL Cloud | safe
    http://ocsp.t | 0% | Avira URL Cloud | safe
    http://ts-ocsp.ws.s | 0% | Avira URL Cloud | safe
    No contacted domains info
    URL reputation (Name | Source | Malicious | Antivirus Detection | Reputation):
    http://www.eyuyan.com)DVarFileInfo$ | 99.exe | false | - | high
    https://ww(w.v | 99.exe | false | Avira URL Cloud: safe | unknown
    http://ocsp.t | 99.exe | false | Avira URL Cloud: safe | unknown
    http://.httpsset-cookie:;; | 99.exe | false | Avira URL Cloud: safe | unknown
    http://ts-ocsp.ws.s | 99.exe | false | Avira URL Cloud: safe | unknown
    http://ts-ocsp.ws.symantec. | 99.exe | false | Avira URL Cloud: safe | unknown
    https://note.youdao.com/yws/public/note/fee7522094b30863456a85ffb799784a?sev=j1 | 99.exe | false | - | high
    http://sf.symc | 99.exe | false | Avira URL Cloud: safe | unknown
    No contacted IP infos
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1559173
        Start date and time:2024-11-20 09:20:13 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 5m 18s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:6
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:99.exe
        Detection:MAL
        Classification:mal72.evad.winEXE@1/4@0/0
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 72%
        • Number of executed functions: 45
        • Number of non-executed functions: 201
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
        • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • VT rate limit hit for: 99.exe
        Time | Type | Description
        03:21:14 | API Interceptor | 1x Sleep call for process: 99.exe modified
        Match | Associated Sample Name / URL | Detection | Threat Name (the SHA-256 and link columns of this table carried only links)
        C:\Users\user\AppData\Local\Temp\709f3c.tmp | 211.exe | malicious | Unknown
        (same) | 212.exe | malicious | Unknown
        (same) | 214.exe | malicious | Unknown
        (same) | SecuriteInfo.com.Win32.Evo-gen.19313.28597.exe | malicious | Unknown
        (same) | file.exe | malicious | Unknown
        (same) | file.exe | malicious | Unknown
        (same) | file.exe | malicious | Unknown
        (same) | BCNFNjvJNq.exe | malicious | ADWIND, Lokibot, Ramnit, Sality
        (same) | cnlg48.exe | malicious | Unknown
        (same) | Lisect_AVT_24003_G1A_54.exe | malicious | Bdaejec
                            Process:C:\Users\user\Desktop\99.exe
                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):1699896
                            Entropy (8bit):6.290547513916722
                            Encrypted:false
                            SSDEEP:24576:0Na0qyFU/vb313JPCGucMBbruVALdpNQHKl3y9UfSj6HYZY8zCixcq:kFU3b3HucMBbrb/qj98deCNq
                            MD5:5564A98A4692BA8B2D25770FB834D5F6
                            SHA1:129D030D817F6B25D1FDEF2CAD33EB81DE1DEA8B
                            SHA-256:28AB9A0F5F50FD5398324B5EC099F5C53C6FAA701C3F6D8B0B3DA47A76C56230
                            SHA-512:D803E2E3425095E170910103A4470C598FD4A9A10C1217A006A6393CD1ECA06D1C628E845F6FD1071F1C92778D481F47E4E5F175005FEC2CB0A7519C90992858
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Joe Sandbox View:
                             • Filename: 211.exe, Detection: malicious
                             • Filename: 212.exe, Detection: malicious
                             • Filename: 214.exe, Detection: malicious
                             • Filename: SecuriteInfo.com.Win32.Evo-gen.19313.28597.exe, Detection: malicious
                             • Filename: file.exe, Detection: malicious
                             • Filename: file.exe, Detection: malicious
                             • Filename: file.exe, Detection: malicious
                             • Filename: BCNFNjvJNq.exe, Detection: malicious
                             • Filename: cnlg48.exe, Detection: malicious
                             • Filename: Lisect_AVT_24003_G1A_54.exe, Detection: malicious
                            Reputation:moderate, very likely benign file
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-.=FizS.izS.izS.2.P.jzS.}.S.hzS.}.P./zS.}.].q{S.}.V.rzS.}.W..zS.}...hzS.}.Q.hzS.RichizS.........................PE..L..................!.........................0....(K.........................@......,.....@A............................U...............................8`.......Q..0z..p............................................................................text...%........................... ..`RT.................................. ..`PAGE....:.... ...................... ..`.data....Z...0......................@....mrdata.x#.......$..................@....00cfg...............:..............@..@.rsrc................<..............@..@.reloc...Q.......R...>..............@..B................................................................................................................................................................................................
                            Process:C:\Users\user\Desktop\99.exe
                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Category:dropped
                            Size (bytes):1679648
                            Entropy (8bit):5.3288490918902225
                            Encrypted:false
                            SSDEEP:24576:nB79uCigstmh6JVZ3et1NtJJBwuCx59U4IgL5pc6:JXh2LeXJBwuOTU4I56
                            MD5:2E8AB67DC55089DFBCBFA7710BD15B07
                            SHA1:159434853CE512029314C6B70070220D251A924A
                            SHA-256:2BCC4FD8A4D3C4033A81702E1B685860BE78D6F1A7E980F2E7593C59656F2706
                            SHA-512:7898B7B48685A2079BC77210464C448025E5BECB25EDDF3FB612A320B627FDB45AFF12D4913ADA98524E2C4718D74E911CE007F4DE6E3F2BB7184CDFAC5A0E5F
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Reputation:moderate, very likely benign file
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l=..(\.H(\.H(\.H!$4Hd\.H<7.I!\.H(\.H)X.H<7.I)\.H<7.I!\.H<7.I.\.H<7.I'\.H<7XH)\.H<7.I)\.HRich(\.H........PE..L...-..?...........!.....0...:...............@.....i................................=.....@A............................(s..X...\.... ...............B.. _...@..$g.. Q..T...............................................L...<........................text...8/.......0.................. ..`.data....2...@.......4..............@....idata..`............<..............@..@.didat..x...........................@....rsrc........ ......................@..@.reloc..$g...@...h..................@..B........................................................................................................................................................................................................................................................................................
                            Process:C:\Users\user\Desktop\99.exe
                            File Type:PNG image data, 26 x 27, 8-bit/color RGBA, non-interlaced
                            Category:dropped
                            Size (bytes):948
                            Entropy (8bit):7.728195311771606
                            Encrypted:false
                            SSDEEP:24:UuSWKxtY2W6uojEOHLLOtAi0vjaWrUXwUKTZO+1vI8:UubQvW6njvHLLFRuDXwXV/1vP
                            MD5:8014CC830D75442D7FCD99817BCF53BF
                            SHA1:7DA4E534B0762848C6625A10C16750487D1FD560
                            SHA-256:994EF96AC1EA8D8204528A6F3BC34E6389B4CF4A6236E2E49D50DA7B9B7F6CEA
                            SHA-512:E18141F4EA45D951858EA1AD8A388BF887712F456FFD33B643F2352E13BC2C7F3120CE2041EE2895CF8F098928C815F55ABDD23BAB138FF306EBC92B4EF4F355
                            Malicious:false
                            Reputation:low
                            Preview:.PNG........IHDR.............b..k....sRGB.........gAMA......a.....pHYs..........o.d...IIDATHK..YHTQ...KY.2.3.,...2.Vnd."Z..1. Z..d..VhRd..[*..`eI...DVX.m.@E;.(.Y...A..\.\..h........s..q.>....p..{@.g:...Y.3a....#l..y..$N<.W'..X...-..'..f.K......4..D....&q..R~..Yp.....M.n..D.!..S..L.....a.....m..0.w<..x..p...z\....s.J....al..].9h.3.....k...s...C..#.>..#.H....X.....=....Wo...M.1..n..s.....wA.....R0t.j............}N..Y.......:(..YSZ..dm.....1.....<,..*|x].3...yY.P.......n......Dv.R...D.....z._)...}<..i....+.`..7......[..KrL.xu..'%9B.p3.o.....{..&...../...x+..&....`p.Yz.V......Vc....U.h......+..q.x..\..SQ..?...*..D...g.. ;^.rs.O..'&........](..T..V-A..7....&.....".ZW!...|.........>8Vg.....QkD.v....p..F...C9....M.&..9.*.0$F..%...'V...=...f.4..6,..X...|`IIn".W...$l......t7..q.......G..44...oQ+.q}...5BtS..D..Io.I.6.r.`.|.IBu~..j..or.>..#u6.r}2O..-.K].#.v...`?})l.c.....= .s.a.H.. ......{......7>[....IEND.B`.
                            Process:C:\Users\user\Desktop\99.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):14
                            Entropy (8bit):3.52164063634332
                            Encrypted:false
                            SSDEEP:3:z:z
                            MD5:9B7324D9076B1DACF2A6D40EE2B806E7
                            SHA1:B239E85A0446F88F66113108E8CA7D095EC7A80D
                            SHA-256:A7C468945151C41FACB3A970AA723A5AE947A3733C533C9B339B17E0AF2A2814
                            SHA-512:F23D9A36986D27557858A42B29C13668F51712B63505F9567A75BB678AA92BBA22620397E933C6D615C045ACACBDAD02BC317BD7170031F858238BC586B34F36
                            Malicious:false
                            Reputation:low
                            Preview:[Cofig]..N1=..
                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                            Entropy (8bit):6.617119395721113
                            TrID:
                            • Win32 Executable (generic) a (10002005/4) 99.83%
                            • Windows Screen Saver (13104/52) 0.13%
                            • Generic Win/DOS Executable (2004/3) 0.02%
                            • DOS Executable Generic (2002/1) 0.02%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:99.exe
                            File size:2'240'512 bytes
                            MD5:d493468d3a2924d4c9c235451c67e2aa
                            SHA1:d9f76deb08187b4c70cca18eccb456f0571f6404
                            SHA256:159b20c6cdcee8b9c746d8b7d97efc8a24bc50e4e124715839178b61f30eccce
                            SHA512:d8a787dfd3ec1c934769b20c0c4da6b115d7d055f8d8406c85f5ebdb59be5b609b02d1b7274579ac243525a3689deb1633efaa124afab8fd99848ff52efe786e
                            SSDEEP:24576:5my2zSUR17sXRZ6/xtZRBmYVOs2PmyPG2aB7yAYpJpXdvCHBIZ140Q5Vv1gXvXlA:0y6gi/jcPPHaBqrNvChuQWvkvt
                            TLSH:D7A58D13F002C0B2D1562AF262A51B386EB48B653D79CE9BEBF0DD767CB1432972650D
                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......d..A ... ... ...O...)...O...&...........[...%...v.......B...<... ...........#.......K...............!.......@.......;... ...{..
                            Icon Hash:1c304bcb217568c2
                            Entrypoint:0x529787
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            DLL Characteristics:
                            Time Stamp:0x662919A3 [Wed Apr 24 14:39:31 2024 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:decc92b221bcaf0a3b2a322cbb570101
                             Instruction (disassembly at the entrypoint 0x529787; the sequence is the stock Visual C++ CRT startup: after the SEH frame is set up, the GetVersion result is split into the CRT's _winminor, _winmajor, _winver and _osver globals, the heap, I/O, argv and environment initialisers run, and GetStartupInfoA is called on the STARTUPINFO at [ebp-5Ch], whose dwFlags are then tested for STARTF_USESHOWWINDOW with `test byte ptr [ebp-30h], 1`)
                            push ebp
                            mov ebp, esp
                            push FFFFFFFFh
                            push 005E8A58h
                            push 0052C5D4h
                            mov eax, dword ptr fs:[00000000h]
                            push eax
                            mov dword ptr fs:[00000000h], esp
                            sub esp, 58h
                            push ebx
                            push esi
                            push edi
                            mov dword ptr [ebp-18h], esp
                            call dword ptr [0054C3E0h]
                            xor edx, edx
                            mov dl, ah
                            mov dword ptr [00647F04h], edx
                            mov ecx, eax
                            and ecx, 000000FFh
                            mov dword ptr [00647F00h], ecx
                            shl ecx, 08h
                            add ecx, edx
                            mov dword ptr [00647EFCh], ecx
                            shr eax, 10h
                            mov dword ptr [00647EF8h], eax
                            push 00000001h
                            call 00007F9AACB33A7Dh
                            pop ecx
                            test eax, eax
                            jne 00007F9AACB2D98Ah
                            push 0000001Ch
                            call 00007F9AACB2DA48h
                            pop ecx
                            call 00007F9AACB33828h
                            test eax, eax
                            jne 00007F9AACB2D98Ah
                            push 00000010h
                            call 00007F9AACB2DA37h
                            pop ecx
                            xor esi, esi
                            mov dword ptr [ebp-04h], esi
                            call 00007F9AACB33656h
                            call dword ptr [0054C360h]
                            mov dword ptr [0064D144h], eax
                            call 00007F9AACB33514h
                            mov dword ptr [00647E70h], eax
                            call 00007F9AACB332BDh
                            call 00007F9AACB331FFh
                            call 00007F9AACB32130h
                            mov dword ptr [ebp-30h], esi
                            lea eax, dword ptr [ebp-5Ch]
                            push eax
                            call dword ptr [0054C1D4h]
                            call 00007F9AACB33190h
                            mov dword ptr [ebp-64h], eax
                            test byte ptr [ebp-30h], 00000001h
                            je 00007F9AACB2D988h
                            movzx eax, word ptr [ebp+00h]
                            Programming Language:
                            • [C++] VS98 (6.0) SP6 build 8804
                            • [ C ] VS98 (6.0) SP6 build 8804
                            • [C++] VS98 (6.0) build 8168
                            • [ C ] VS98 (6.0) build 8168
                            • [EXP] VC++ 6.0 SP5 build 8804
                            Name | Virtual Address | Virtual Size | Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1f1890 | 0x12c | .rdata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24e000 | 0x1568c | .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_IAT | 0x14c000 | 0x7d0 | .rdata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -
                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                            .text | 0x1000 | 0x14a85e | 0x14b000 | 6f14ecc7cf3e459d5df02e328092d43c | False | 0.4123793310989426 | data | 6.44187498568618 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rdata | 0x14c000 | 0xa80ee | 0xa9000 | a2ee2a68d142c53e46d8e56190dc544f | False | 0.603280152089497 | data | 6.79861789008601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .data | 0x1f5000 | 0x5814a | 0x18000 | c531c5ee17ec5d323660daeb3c163e65 | False | 0.3048299153645833 | data | 5.07229830630416 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .rsrc | 0x24e000 | 0x1568c | 0x16000 | e507daa535c765cf11e73ac71f82fd56 | False | 0.6083873401988636 | data | 6.504507331161947 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
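The per-section MD5, entropy and ZLIB complexity values in the section table above can be recomputed from the raw file, which is the quickest way to check a report against the sample you actually hold. The following Python is an added example and not Joe Sandbox's code: it walks the PE section table by hand, recomputes those three columns, and applies a few analyst rules of thumb (W+X sections, executable sections above 7.0 bits/byte, executable sections that are larger in memory than on disk). The IMAGE_SCN_* constants are the PE specification's; the 7.0 threshold, the assess() rules and the synthetic PE built by build_sample_pe() are this example's own choices, and the synthetic image is constructed data, not 99.exe.

```python
"""Recompute the per-section statistics a sandbox report lists (virtual and
raw size, MD5, entropy, zlib complexity) directly from a PE section table.

Added example, not Joe Sandbox code. build_sample_pe() assembles a small
synthetic PE image in memory (constructed data) so the script runs offline;
pass parse_sections() the bytes of a real file to check a report's table.
"""
import hashlib
import math
import random
import struct
import zlib

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one.
    Packed or encrypted code usually scores above about 7.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def zlib_complexity(data: bytes) -> float:
    """zlib-compressed size over raw size; near or above 1.0 means the
    bytes are incompressible (already compressed, encrypted, or tiny)."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def parse_sections(pe: bytes) -> list:
    """DOS header -> e_lfanew -> PE signature -> IMAGE_FILE_HEADER -> skip
    the optional header -> one 40-byte IMAGE_SECTION_HEADER per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    first = e_lfanew + 24 + opt_size
    out = []
    for i in range(num_sections):
        off = first + i * 40
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[rptr:rptr + rsize]
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rsize,
            "md5": hashlib.md5(raw).hexdigest(),
            "entropy": shannon_entropy(raw),
            "zlib_complexity": zlib_complexity(raw),
            "characteristics": chars,
        })
    return out


def assess(section: dict) -> list:
    """Flags an analyst would raise from the section table alone; the 7.0
    entropy threshold is a rule of thumb, not a spec value."""
    flags, c = [], section["characteristics"]
    if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
        flags.append("writable and executable (self-modifying or unpacking candidate)")
    if c & IMAGE_SCN_MEM_EXECUTE and section["entropy"] > 7.0:
        flags.append("high-entropy executable section (packed or encrypted code?)")
    if c & IMAGE_SCN_MEM_EXECUTE and section["virtual_size"] > section["raw_size"]:
        flags.append("executable section is larger in memory than on disk")
    return flags


def build_sample_pe() -> bytes:
    """Constructed 32-bit PE: a compressible .text plus a .pack section that
    is W+X, high-entropy and grows in memory (trips all three assess() flags)."""
    text = bytes([0x55, 0x8B, 0xEC]) * 100 + b"\x90" * 212            # 0x200 bytes
    pack = bytes(random.Random(1559173).choices(range(256), k=0x1000))  # fixed seed
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    secs = [(b".text", 0x200, 0x1000, text, rx),
            (b".pack", 0x2000, 0x2000, pack, rx | IMAGE_SCN_MEM_WRITE)]
    e_lfanew, opt_size, align = 0x40, 0xE0, 0x200
    img = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)             # DOS header
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, opt_size, 0x0102)
    img += struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)            # PE32 optional header
    ptr, bodies = align, b""
    for name, vsize, vaddr, data, chars in secs:
        img += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(data), ptr, 0, 0, 0, 0, chars)
        ptr, bodies = ptr + len(data), bodies + data
    return img + b"\0" * (align - len(img)) + bodies        # headers padded to 0x200
```

To compare against the table above, call parse_sections(open("99.exe", "rb").read()) on the original sample and print each dict next to assess(). On this report's own numbers, .text at 6.44 and .rdata at 6.80 bits/byte sit below the range typical of packed code, and the gap between .data's virtual size (0x5814a) and raw size (0x18000) is ordinary uninitialised data rather than room reserved for unpacked code, which is why assess() only raises that flag for executable sections.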
                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                            TEXTINCLUDE | 0x24eb9c | 0xb | ASCII text, with no line terminators | Chinese | China | 1.7272727272727273
                            TEXTINCLUDE | 0x24eba8 | 0x16 | data | Chinese | China | 1.3636363636363635
                            TEXTINCLUDE | 0x24ebc0 | 0x151 | C source, ASCII text, with CRLF line terminators | Chinese | China | 0.6201780415430267
                            RT_CURSOR | 0x24ed14 | 0x134 | data | Chinese | China | 0.5811688311688312
                            RT_CURSOR | 0x24ee48 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664
                            RT_CURSOR | 0x24ef7c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805
                            RT_CURSOR | 0x24f0b0 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7
                            RT_BITMAP | 0x24f164 | 0x248 | Device independent bitmap graphic, 64 x 15 x 4, image size 480 | Chinese | China | 0.3407534246575342
                            RT_BITMAP | 0x24f3ac | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.4444444444444444
                            RT_BITMAP | 0x24f4f0 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.26453488372093026
                            RT_BITMAP | 0x24f648 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2616279069767442
                            RT_BITMAP | 0x24f7a0 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2441860465116279
                            RT_BITMAP | 0x24f8f8 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.24709302325581395
                            RT_BITMAP | 0x24fa50 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m | Chinese | China | 0.2238372093023256
                            RT_BITMAP | 0x24fba8 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.19476744186046513
                            RT_BITMAP | 0x24fd00 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.20930232558139536
                            RT_BITMAP | 0x24fe58 | 0x158 | Device independent bitmap graphic, 20 x 20 x 4, image size 240 | Chinese | China | 0.18895348837209303
                            RT_BITMAP | 0x24ffb0 | 0x5e4 | Device independent bitmap graphic, 70 x 39 x 4, image size 1404 | Chinese | China | 0.34615384615384615
                            RT_BITMAP | 0x250594 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346
                            RT_BITMAP | 0x25064c | 0x16c | Device independent bitmap graphic, 39 x 13 x 4, image size 260 | Chinese | China | 0.28296703296703296
                            RT_BITMAP | 0x2507b8 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965
                            RT_ICON | 0x2508fc | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375
                            RT_ICON | 0x250be4 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217
                            RT_ICON | 0x250d0c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | - | - | 0.7020140778421862
                            RT_MENU | 0x261534 | 0xc | data | Chinese | China | 1.5
                            RT_MENU | 0x261540 | 0x284 | data | Chinese | China | 0.5
                            RT_DIALOG | 0x2617c4 | 0x98 | data | Chinese | China | 0.7171052631578947
                            RT_DIALOG | 0x26185c | 0x17a | data | Chinese | China | 0.5185185185185185
                            RT_DIALOG | 0x2619d8 | 0xfa | data | Chinese | China | 0.696
                            RT_DIALOG | 0x261ad4 | 0xea | data | Chinese | China | 0.6239316239316239
                            RT_DIALOG | 0x261bc0 | 0x8ae | data | Chinese | China | 0.39603960396039606
                            RT_DIALOG | 0x262470 | 0xb2 | data | Chinese | China | 0.7359550561797753
                            RT_DIALOG | 0x262524 | 0xcc | data | Chinese | China | 0.7647058823529411
                            RT_DIALOG | 0x2625f0 | 0xb2 | data | Chinese | China | 0.6629213483146067
                            RT_DIALOG | 0x2626a4 | 0xe2 | data | Chinese | China | 0.6637168141592921
                            RT_DIALOG | 0x262788 | 0x18c | data | Chinese | China | 0.5227272727272727
                            RT_STRING | 0x262914 | 0x50 | data | Chinese | China | 0.85
                            RT_STRING | 0x262964 | 0x2c | data | Chinese | China | 0.5909090909090909
                            RT_STRING | 0x262990 | 0x78 | data | Chinese | China | 0.925
                            RT_STRING | 0x262a08 | 0x1c4 | data | Chinese | China | 0.8141592920353983
                            RT_STRING | 0x262bcc | 0x12a | data | Chinese | China | 0.5201342281879194
                            RT_STRING | 0x262cf8 | 0x146 | data | Chinese | China | 0.6288343558282209
                            RT_STRING | 0x262e40 | 0x40 | data | Chinese | China | 0.65625
                            RT_STRING | 0x262e80 | 0x64 | data | Chinese | China | 0.73
                            RT_STRING | 0x262ee4 | 0x1d8 | data | Chinese | China | 0.6758474576271186
                            RT_STRING | 0x2630bc | 0x114 | data | Chinese | China | 0.6376811594202898
                            RT_STRING | 0x2631d0 | 0x24 | data | Chinese | China | 0.4444444444444444
                            RT_GROUP_CURSOR | 0x2631f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25
                            RT_GROUP_CURSOR | 0x263208 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.25
                            RT_GROUP_CURSOR | 0x26321c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0294117647058822
                            RT_GROUP_ICON | 0x263240 | 0x14 | data | - | - | 1.25
                            RT_GROUP_ICON | 0x263254 | 0x14 | data | Chinese | China | 1.2
                            RT_GROUP_ICON | 0x263268 | 0x14 | data | Chinese | China | 1.25
                            RT_VERSION | 0x26327c | 0x240 | data | Chinese | China | 0.5642361111111112
                            RT_MANIFEST | 0x2634bc | 0x1cd | XML 1.0 document, ASCII text, with very long lines (461), with no line terminators | - | - | 0.5878524945770065
                            DLL | Import
                            WINMM.dll | midiStreamOut, midiOutPrepareHeader, midiStreamProperty, midiStreamOpen, midiOutUnprepareHeader, waveOutOpen, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, waveOutGetNumDevs, waveOutRestart, midiStreamStop, midiOutReset, midiStreamClose, midiStreamRestart
                            WS2_32.dll | WSAAsyncSelect, closesocket, send, select, WSAStartup, inet_ntoa, recvfrom, ioctlsocket, recv, getpeername, accept, WSACleanup, ntohl
                            RASAPI32.dll | RasHangUpA, RasGetConnectStatusA
                            KERNEL32.dll | MultiByteToWideChar, SetLastError, GetTimeZoneInformation, OpenProcess, FileTimeToSystemTime, CreateMutexA, ReleaseMutex, TerminateThread, SuspendThread, RaiseException, GetLocalTime, GetSystemTime, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcmpA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpiA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, DuplicateHandle, lstrcpynA, FileTimeToLocalFileTime, LocalFree, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, TerminateProcess, GetCurrentProcess, GetFileSize, SetFilePointer, CreateToolhelp32Snapshot, Process32First, Process32Next, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, lstrlenW, GetModuleFileNameA, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GetDriveTypeA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, GetPrivateProfileStringA, CreateThread, CreateEventA, Sleep, ExpandEnvironmentStringsA, GlobalAlloc, GlobalLock, GlobalUnlock, InterlockedExchange, FindFirstFileA, FindClose, SetFileAttributesA, GetFileAttributesA, DeleteFileA, GetCurrentDirectoryA, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, MulDiv, GetCommandLineA, GetTickCount, CreateProcessA, WaitForSingleObject, CloseHandle, HeapSize, GetACP, SetStdHandle, GetFileType, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, IsBadReadPtr, IsBadCodePtr, GetVersion
                            USER32.dll | SetWindowRgn, DestroyAcceleratorTable, GetWindow, GetActiveWindow, SetFocus, GetMessagePos, ScreenToClient, GetSysColorBrush, LoadStringA, IsWindowEnabled, ShowWindow, SystemParametersInfoA, LoadImageA, EnumDisplaySettingsA, ClientToScreen, EnableMenuItem, GetSubMenu, GetDlgCtrlID, CreateAcceleratorTableA, CreateMenu, ModifyMenuA, AppendMenuA, CreatePopupMenu, DrawIconEx, CreateIconFromResource, CreateIconFromResourceEx, RegisterClipboardFormatA, SetRectEmpty, DispatchMessageA, GetMessageA, WindowFromPoint, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture, SetCapture, GetScrollRange, SetScrollRange, SetScrollPos, SetRect, InflateRect, IntersectRect, DestroyIcon, PtInRect, OffsetRect, IsWindowVisible, DrawFocusRect, GetMenuCheckMarkDimensions, GetMenuState, SetMenuItemBitmaps, CheckMenuItem, MoveWindow, IsDialogMessageA, ScrollWindowEx, SendDlgItemMessageA, MapWindowPoints, AdjustWindowRectEx, IsIconic, GetScrollPos, RegisterClassA, GetMenuItemCount, GetMenuItemID, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, RegisterWindowMessageA, GetWindowPlacement, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamA, EnableWindow, RedrawWindow, GetWindowLongA, SetWindowLongA, GetSysColor, SetActiveWindow, SetCursorPos, LoadCursorA, SetCursor, GetDC, FillRect, IsRectEmpty, ReleaseDC, IsChild, DestroyMenu, SetForegroundWindow, GetWindowRect, EqualRect, UpdateWindow, ValidateRect, InvalidateRect, GetClientRect, GetFocus, GetParent, GetTopWindow, PostMessageA, IsWindow, SetParent, DestroyCursor, SendMessageA, SetWindowPos, MessageBoxA, GetCursorPos, GetSystemMetrics, EmptyClipboard, SetClipboardData, OpenClipboard, GetClipboardData, CloseClipboard, wsprintfA, WaitForInputIdle, PeekMessageA, SetMenu, GetMenu, DeleteMenu, GetSystemMenu, DefWindowProcA, GetClassInfoA, IsZoomed, DrawEdge, DrawFrameControl, TranslateMessage, LoadIconA, UnregisterClassA, GetDesktopWindow, GetClassNameA, GetWindowThreadProcessId, FindWindowA, GetWindowTextA, CallWindowProcA, CreateWindowExA, RegisterHotKey, UnregisterHotKey, SetWindowTextA, PostQuitMessage, CopyAcceleratorTableA, GetKeyState, TranslateAcceleratorA, GetDlgItem, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyWindow
                            GDI32.dll | ExtSelectClipRgn, LineTo, MoveToEx, ExcludeClipRect, GetClipBox, ScaleWindowExtEx, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, GetDeviceCaps, RealizePalette, SelectPalette, StretchBlt, CreatePalette, GetSystemPaletteEntries, CreateDIBitmap, DeleteObject, SelectClipRgn, CreatePolygonRgn, GetClipRgn, SetStretchBltMode, CreateRectRgnIndirect, SetBkColor, CreateFontA, TranslateCharsetInfo, SetWindowExtEx, SetWindowOrgEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetTextColor, SetROP2, SetPolyFillMode, SetBkMode, GetViewportExtEx, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextMetricsA, EndDoc, EndPage, GetObjectA, GetStockObject, CreateFontIndirectA, CreateSolidBrush, FillRgn, CreateRectRgn, CombineRgn, PatBlt, CreatePen, SelectObject, CreateBitmap, RestoreDC, SaveDC, CreateDCA, CreateCompatibleBitmap, GetPolyFillMode, GetStretchBltMode, GetROP2, GetBkColor, GetBkMode, GetTextColor, CreateRoundRectRgn, CreateEllipticRgn, PathToRegion, EndPath, BeginPath, GetWindowOrgEx, GetViewportOrgEx, GetWindowExtEx, GetTextExtentPoint32A, GetDIBits
                            WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter
                            ADVAPI32.dll | RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegQueryValueA, RegCreateKeyExA, RegOpenKeyA, RegCloseKey
                            SHELL32.dll | SHGetSpecialFolderPathA, Shell_NotifyIconA, SHChangeNotify, ShellExecuteA, DragQueryFileA, DragFinish, DragAcceptFiles
                            ole32.dll | OleRun, CLSIDFromString, OleUninitialize, OleInitialize, CLSIDFromProgID, CoCreateInstance
                            OLEAUT32.dll | UnRegisterTypeLib, LoadTypeLib, LHashValOfNameSys, RegisterTypeLib, SafeArrayPutElement, SafeArrayCreate, SafeArrayDestroy, SysAllocString, VariantInit, VariantCopyInd, SafeArrayGetElement, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, VariantChangeType, VariantClear
                            COMCTL32.dll | ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_EndDrag
                            WININET.dll | InternetCanonicalizeUrlA, InternetCrackUrlA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetConnectA, InternetSetOptionA, InternetOpenA, InternetCloseHandle, InternetReadFile
                            comdlg32.dll | ChooseColorA, GetFileTitleA, GetSaveFileNameA, GetOpenFileNameA
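The Import Hash listed in the general information above is derived from this DLL/function list, and it is the value analysts pivot on to find siblings built from the same source. The following Python is an added example, not Joe Sandbox's code. It implements the Mandiant/pefile imphash convention; that the report's Import Hash follows that same convention is an assumption, so recompute it from the actual file and compare with the reported value before using it as a pivot. SAMPLE_IMPORTS is a constructed, truncated input taken from the first three rows of the table above, and the ordinal and WINSPOOL.DRV cases in the test exercise the two places the convention is easy to get wrong.

```python
"""Recompute a PE "Import Hash" (imphash) from its import table.

Added example, not Joe Sandbox code. It implements the Mandiant/pefile
convention; that the report's Import Hash is computed the same way is an
assumption, so recompute on the real sample before pivoting on the value.

Convention: DLL name lower-cased with a trailing .dll/.ocx/.sys removed
(any other suffix, e.g. .drv, is kept), function name lower-cased
(ordinal-only imports become "ord<N>"), entries joined as dll.func with
commas in import-table order, then MD5 of that string.
"""
import hashlib
import re

# Constructed sample input: the first three rows of the import table,
# truncated. Replace with the full list parsed from the real file.
SAMPLE_IMPORTS = [
    ("WINMM.dll", ["midiStreamOut", "midiOutPrepareHeader"]),
    ("WS2_32.dll", ["WSAAsyncSelect", "closesocket"]),
    ("RASAPI32.dll", ["RasHangUpA", "RasGetConnectStatusA"]),
]


def imphash_string(imports) -> str:
    """imports: [(dll_name, [func_name | int_ordinal, ...]), ...] in the
    order the import directory lists them. pefile additionally maps
    well-known ws2_32/oleaut32 ordinals back to names; omitted here."""
    parts = []
    for dll, funcs in imports:
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        for f in funcs:
            parts.append(f"{lib}.ord{f}" if isinstance(f, int) else f"{lib}.{f.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string; order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers the import order, two builds that link the same functions in a different DLL order do not share an imphash, and a sample whose imports are resolved at run time through LoadLibraryA/GetProcAddress (both present in the KERNEL32 row) contributes nothing of those dynamic imports to the hash; treat the value as a pivot, not as an identity.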
                            Language of compilation system: Chinese
                            Country where language is spoken: China
                            No network behavior found

                            Target ID:0
                            Start time:03:21:14
                            Start date:20/11/2024
                            Path:C:\Users\user\Desktop\99.exe
                            Wow64 process (32bit):true
                            Commandline:"C:\Users\user\Desktop\99.exe"
                            Imagebase:0x400000
                            File size:2'240'512 bytes
                            MD5 hash:D493468D3A2924D4C9C235451C67E2AA
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false


                              Execution Graph

                              Execution Coverage:2.4%
                              Dynamic/Decrypted Code Coverage:26.9%
                              Signature Coverage:24.6%
                              Total number of Nodes:1232
                              Total number of Limit Nodes:49
1000b61e 104372->104417 104374 10018bdc 104375 1000188f 17 API calls 104374->104375 104376 10018c3b 104375->104376 104377 1000b61e 7 API calls 104376->104377 104378 10018c57 104377->104378 104379 1000188f 17 API calls 104378->104379 104380 10018cb6 104379->104380 104381 1000b61e 7 API calls 104380->104381 104382 10018cd2 104381->104382 104383 1000188f 17 API calls 104382->104383 104384 10018d31 104383->104384 104385 1000b61e 7 API calls 104384->104385 104386 10018d4d 104385->104386 104387 1000188f 17 API calls 104386->104387 104388 10018dac 104387->104388 104389 1000b61e 7 API calls 104388->104389 104390 10018dc8 104389->104390 104423 1000710e 104390->104423 104392 10018df2 104433 10018f34 104392->104433 104394 10018dfc 104447 100191e3 104394->104447 104396 10018e06 104459 1000ff10 104396->104459 104398 10018e37 104468 100114f9 104398->104468 104400 10018e43 104401 1000ff10 18 API calls 104400->104401 104402 10018e8f 104401->104402 104403 100114f9 18 API calls 104402->104403 104404 10018e9b 104403->104404 104474 10019f4c 104404->104474 104408 10018ecc 104408->104361 104410 10018f14 104409->104410 104410->104365 104416 100018bd 104411->104416 104412 10001ac2 104485 100283f0 104412->104485 104415 10001ae8 104415->104372 104416->104412 104512 10028090 _CIfmod 104416->104512 104418 1000b631 104417->104418 104524 1000b75c 104418->104524 104420 1000b65c 104421 1000b6cb LdrGetDllHandleEx 104420->104421 104422 1000b6ee 104421->104422 104422->104374 104424 10007121 104423->104424 104425 100071de GetVersionExA 104424->104425 104426 10007273 104425->104426 104547 10027ca0 104426->104547 104428 100072d2 104429 10007362 GetSystemInfo 104428->104429 104432 100074c6 104428->104432 104430 100073f5 104429->104430 104431 10007495 RtlGetNtVersionNumbers 104430->104431 104431->104432 104432->104392 104434 10018f4e 104433->104434 104436 10018f7e 104434->104436 104555 100289c0 104434->104555 104436->104394 104437 10018fad 104438 1000b61e 7 API calls 104437->104438 104439 10019053 
104438->104439 104440 1000188f 17 API calls 104439->104440 104441 10019077 104440->104441 104442 10019081 104441->104442 104560 10006051 LdrGetProcedureAddress 104442->104560 104444 1001918a 104444->104436 104445 100190a4 104445->104444 104561 10001d56 IsBadCodePtr 104445->104561 104448 10019205 104447->104448 104450 10019212 104448->104450 104563 100188e1 104448->104563 104450->104396 104451 10019221 104568 100193c2 104451->104568 104453 100192bd 104454 100193c2 38 API calls 104453->104454 104455 10019331 104454->104455 104588 100198cc 104455->104588 104457 1001936a 104458 100198cc 25 API calls 104457->104458 104458->104450 104644 10027f20 104459->104644 104461 1000ff39 104462 10027f20 4 API calls 104461->104462 104463 1000ff58 104462->104463 104464 1000ffe0 RtlComputeCrc32 104463->104464 104465 10010003 104464->104465 104657 10010057 104465->104657 104467 10010034 104467->104398 104469 1001150f 104468->104469 104473 10011520 104468->104473 104470 1000188f 17 API calls 104469->104470 104470->104473 104471 10001d56 IsBadCodePtr 104472 1001161a 104471->104472 104472->104400 104473->104471 104475 10018ec7 104474->104475 104476 10019f74 104474->104476 104484 1001a236 47 API calls 104475->104484 104680 10019ff3 104476->104680 104480 10019fa2 104482 10019fd3 104480->104482 104483 1001a0ce 21 API calls 104480->104483 104689 10007fdd 104482->104689 104483->104480 104484->104408 104486 10028478 104485->104486 104496 1002840f 104485->104496 104487 10028483 104486->104487 104488 10028574 104486->104488 104489 10028489 104487->104489 104490 1002854f sprintf 104487->104490 104491 100285f2 104488->104491 104492 1002857b 104488->104492 104493 10028674 104489->104493 104499 10028517 104489->104499 104500 100284f9 104489->104500 104501 1002858f sprintf 104489->104501 104505 1002849e 104489->104505 104490->104505 104497 1002862a sprintf 104491->104497 104498 100285f9 104491->104498 104494 100285ce sprintf 104492->104494 104495 1002857d 104492->104495 104493->104415 104494->104505 
104502 10028584 104495->104502 104503 100285ae sprintf 104495->104503 104496->104493 104513 10028380 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104496->104513 104497->104505 104498->104493 104504 10028604 sprintf 104498->104504 104515 10029dc0 6 API calls 104499->104515 104514 10028380 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104500->104514 104501->104505 104502->104493 104502->104501 104503->104505 104504->104505 104505->104493 104516 10027bb0 104505->104516 104509 10028469 104509->104415 104510 10028508 104510->104415 104512->104416 104513->104509 104514->104510 104515->104505 104517 10027bc4 RtlAllocateHeap 104516->104517 104518 10027bb9 GetProcessHeap 104516->104518 104519 10027bf5 104517->104519 104520 10027bd9 MessageBoxA 104517->104520 104518->104517 104519->104493 104523 10027b10 ExitProcess 104520->104523 104522 10027bf2 104522->104519 104523->104522 104525 1000b76f 104524->104525 104528 1000210d 104525->104528 104527 1000b7c1 104527->104420 104529 1000212e 104528->104529 104530 10002149 MultiByteToWideChar 104529->104530 104531 10002178 104530->104531 104539 100021b9 104531->104539 104540 100280c0 104531->104540 104533 100021dc 104534 1000220e MultiByteToWideChar 104533->104534 104535 10002239 104534->104535 104535->104539 104545 100286c0 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104535->104545 104537 100022ce 104537->104539 104546 100286f0 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104537->104546 104539->104527 104541 100280c9 104540->104541 104542 100280cd 104540->104542 104541->104533 104543 10027bb0 4 API calls 104542->104543 104544 100280d6 104543->104544 104544->104533 104545->104537 104546->104539 104548 10027cb1 104547->104548 104549 10027cb6 104547->104549 104554 10027ae0 GetModuleHandleA 104548->104554 104551 10027d14 104549->104551 104552 10027bb0 4 API calls 104549->104552 104551->104428 104553 10027cf9 104552->104553 104553->104428 104554->104549 104556 100289c9 104555->104556 104557 100289cd 
104555->104557 104556->104437 104558 10027bb0 4 API calls 104557->104558 104559 100289d8 104558->104559 104559->104437 104560->104445 104562 10001d82 104561->104562 104562->104444 104564 100289c0 4 API calls 104563->104564 104565 1001890c 104564->104565 104566 10018926 GetSystemDirectoryA 104565->104566 104567 10018944 104566->104567 104567->104451 104569 100193ea 104568->104569 104603 100294c0 104569->104603 104571 10019463 104572 1001947d CopyFileA 104571->104572 104573 100194a0 104572->104573 104610 10028d40 CreateFileA 104573->104610 104575 100194da 104576 10028d40 8 API calls 104575->104576 104577 10019550 104575->104577 104576->104577 104615 10028e50 DeleteFileA 104577->104615 104579 1001959d 104616 10006495 104579->104616 104581 100195b3 104582 100195e3 RtlAllocateHeap 104581->104582 104585 10019832 104581->104585 104583 1001960e 104582->104583 104622 10008edd 26 API calls 104583->104622 104585->104453 104587 1001966e 104623 100094fb 26 API calls 104587->104623 104589 1001996d 104588->104589 104624 10019e6e 104589->104624 104591 10019977 104592 10019e6e 23 API calls 104591->104592 104593 100199e4 104592->104593 104594 10019e6e 23 API calls 104593->104594 104595 10019a2e 104594->104595 104596 10019e6e 23 API calls 104595->104596 104601 10019a78 104596->104601 104597 10019e55 104597->104457 104598 10019afa lstrlen 104598->104601 104600 10019e6e 23 API calls 104600->104601 104601->104597 104601->104598 104601->104600 104602 10027ca0 GetModuleHandleA ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104601->104602 104628 1000b48d 104601->104628 104602->104601 104604 100294d1 GetTempPathA 104603->104604 104605 100294e5 104603->104605 104604->104605 104606 10029543 GetTickCount wsprintfA PathFileExistsA 104605->104606 104606->104606 104607 1002956b 104606->104607 104608 10027bb0 4 API calls 104607->104608 104609 1002957f 104608->104609 104609->104571 104611 10028d64 GetFileSize 104610->104611 104612 10028da9 104610->104612 104613 10027bb0 4 API calls 
104611->104613 104612->104575 104614 10028d7d ReadFile CloseHandle 104613->104614 104614->104612 104615->104579 104617 100064ad 104616->104617 104618 1000679e 104617->104618 104619 1000652f RtlMoveMemory 104617->104619 104618->104581 104620 10006669 104619->104620 104621 10027ca0 5 API calls 104620->104621 104621->104618 104622->104587 104623->104585 104625 10019e8e 104624->104625 104632 1000b266 104625->104632 104627 10019ea7 104627->104591 104629 1000b4a7 104628->104629 104630 100289c0 4 API calls 104629->104630 104631 1000b4e6 104630->104631 104631->104601 104633 1000b2ac 104632->104633 104638 1000b287 104632->104638 104641 100084a4 21 API calls 104633->104641 104635 1000b2b4 104636 1000b306 104635->104636 104637 1000b2bc 104635->104637 104636->104638 104643 1000b3f0 21 API calls 104636->104643 104637->104638 104642 1000b353 21 API calls 104637->104642 104638->104627 104641->104635 104642->104638 104643->104638 104645 10027f40 104644->104645 104647 10027f4c 104645->104647 104648 10027f80 104645->104648 104646 10027feb 104646->104461 104665 100297e0 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104647->104665 104648->104646 104649 10027f9b 104648->104649 104654 10027fc2 104648->104654 104666 100297e0 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104649->104666 104652 10027f76 104652->104461 104653 10027fb8 104653->104461 104667 100297e0 ExitProcess GetProcessHeap RtlAllocateHeap MessageBoxA 104654->104667 104656 10027fe1 104656->104461 104658 1001006f 104657->104658 104659 100283f0 16 API calls 104658->104659 104660 10010097 104659->104660 104668 10028ad0 104660->104668 104662 100100cc 104675 10028b30 104662->104675 104664 10010173 104664->104467 104665->104652 104666->104653 104667->104656 104669 10028b23 104668->104669 104670 10028ae4 104668->104670 104669->104662 104670->104669 104671 10027bb0 4 API calls 104670->104671 104672 10028afa 104671->104672 104673 10028b05 strncpy 104672->104673 104674 10028b19 104672->104674 104673->104673 
104673->104674 104674->104662 104676 10028b91 104675->104676 104677 10028b45 104675->104677 104676->104664 104677->104676 104678 10027bb0 4 API calls 104677->104678 104679 10028b68 104678->104679 104679->104664 104681 1001a00d 104680->104681 104694 1001a031 104681->104694 104684 1001a0ce 104685 10027f20 4 API calls 104684->104685 104686 1001a0f7 104685->104686 104709 1001a199 104686->104709 104688 1001a16d 104688->104480 104690 100280c0 4 API calls 104689->104690 104691 1000800f 104690->104691 104720 10007db8 104691->104720 104693 10008052 104693->104475 104695 1001a047 104694->104695 104696 1001a0a1 104694->104696 104697 1000188f 17 API calls 104695->104697 104704 10004b1b 104696->104704 104699 1001a058 104697->104699 104708 100031b3 6 API calls 104699->104708 104700 10019f88 104700->104475 104700->104684 104702 1001a074 104703 1001a087 InterlockedExchange 104702->104703 104703->104696 104705 10004b2e 104704->104705 104706 10004b3d 104704->104706 104705->104700 104706->104705 104706->104706 104707 10004baa LdrInitializeThunk 104706->104707 104707->104700 104708->104702 104710 1001a1af 104709->104710 104718 1001a209 104709->104718 104712 1000188f 17 API calls 104710->104712 104711 10004b1b LdrInitializeThunk 104713 1001a22b 104711->104713 104714 1001a1c0 104712->104714 104713->104688 104719 100031b3 6 API calls 104714->104719 104716 1001a1dc 104717 1001a1ef InterlockedExchange 104716->104717 104717->104718 104718->104711 104719->104716 104721 10007dce 104720->104721 104722 10007e28 104720->104722 104723 1000188f 17 API calls 104721->104723 104724 10004b1b LdrInitializeThunk 104722->104724 104725 10007ddf 104723->104725 104726 10007e4a 104724->104726 104730 100031b3 6 API calls 104725->104730 104726->104693 104728 10007dfb 104729 10007e0e InterlockedExchange 104728->104729 104729->104722 104730->104728 104731 529787 GetVersion 104763 52f8dd HeapCreate 104731->104763 104733 5297e5 104734 5297f2 104733->104734 104735 5297ea 104733->104735 104775 52f69a 37 API calls 
__startOneArgErrorHandling 104734->104775 104783 5298b4 8 API calls _wctomb_s 104735->104783 104738 5297f7 104740 529803 104738->104740 104741 5297fb 104738->104741 104776 52f4de 34 API calls _wctomb_s 104740->104776 104784 5298b4 8 API calls _wctomb_s 104741->104784 104745 52980d GetCommandLineA 104777 52f3ac 37 API calls _wctomb_s 104745->104777 104747 52981d 104785 52f15f 49 API calls _wctomb_s 104747->104785 104749 529827 104778 52f0a6 48 API calls _wctomb_s 104749->104778 104751 52982c 104752 529831 GetStartupInfoA 104751->104752 104779 52f04e 48 API calls 104752->104779 104754 529843 104755 52984c 104754->104755 104756 529855 GetModuleHandleA 104755->104756 104780 5391ea 104756->104780 104760 529870 104787 52eed6 36 API calls __startOneArgErrorHandling 104760->104787 104762 529881 104764 52f933 104763->104764 104765 52f8fd 104763->104765 104764->104733 104788 52f795 57 API calls _wctomb_s 104765->104788 104767 52f902 104768 52f919 104767->104768 104769 52f90c 104767->104769 104771 52f936 104768->104771 104790 533d2c 5 API calls __startOneArgErrorHandling 104768->104790 104789 5331e5 HeapAlloc 104769->104789 104771->104733 104772 52f916 104772->104771 104774 52f927 HeapDestroy 104772->104774 104774->104764 104775->104738 104776->104745 104777->104747 104778->104751 104779->104754 104791 5417e9 104780->104791 104785->104749 104786 52e009 32 API calls 104786->104760 104787->104762 104788->104767 104789->104772 104790->104772 104803 54054d 104791->104803 104794 545118 28 API calls 104795 5417fb 104794->104795 104808 545f6e SetErrorMode SetErrorMode 104795->104808 104799 529867 104799->104786 104800 541830 104834 54682d 60 API calls _wctomb_s 104800->104834 104804 54513e 28 API calls 104803->104804 104805 540552 104804->104805 104806 54055e 104805->104806 104807 545118 28 API calls 104805->104807 104806->104794 104807->104806 104809 545118 28 API calls 104808->104809 104810 545f85 104809->104810 104811 545118 28 API calls 104810->104811 104812 545f94 
104811->104812 104813 545fba 104812->104813 104835 545fd1 104812->104835 104815 545118 28 API calls 104813->104815 104816 545fbf 104815->104816 104817 541813 104816->104817 104854 540562 104816->104854 104817->104800 104819 53b64c 104817->104819 104826 4a7444 104817->104826 104822 53b661 104819->104822 104823 53b658 104819->104823 104820 53b669 104884 52960b 104820->104884 104822->104820 104824 53b6a8 104822->104824 104823->104800 104825 53b520 29 API calls 104824->104825 104825->104823 104827 4a744e 104826->104827 104893 4a742e 104827->104893 104829 4a7456 104896 415962 104829->104896 104831 4a746d 104899 401712 104831->104899 104833 4a7472 104833->104800 104834->104799 104836 545118 28 API calls 104835->104836 104837 545fe4 GetModuleFileNameA 104836->104837 104865 52b737 104837->104865 104839 546016 104871 5460ee lstrlenA lstrcpynA 104839->104871 104841 546032 104842 546048 104841->104842 104876 52cd71 29 API calls _wctomb_s 104841->104876 104853 546082 104842->104853 104872 5410cf 104842->104872 104844 54609a lstrcpyA 104878 52cd71 29 API calls _wctomb_s 104844->104878 104845 5460b5 104848 5460c4 lstrcatA 104845->104848 104850 5460e2 104845->104850 104879 52cd71 29 API calls _wctomb_s 104848->104879 104850->104813 104853->104844 104853->104845 104855 545118 28 API calls 104854->104855 104857 540567 104855->104857 104856 5405bf 104856->104817 104857->104856 104881 544ee6 104857->104881 104860 545735 7 API calls 104861 54059d 104860->104861 104862 5405aa 104861->104862 104864 545118 28 API calls 104861->104864 104863 5456a0 21 API calls 104862->104863 104863->104856 104864->104862 104866 52b754 104865->104866 104870 52b745 104865->104870 104867 531fa4 _wctomb_s 29 API calls 104866->104867 104868 52b75c 104867->104868 104880 532005 LeaveCriticalSection 104868->104880 104870->104839 104871->104841 104873 545118 28 API calls 104872->104873 104874 5410d5 LoadStringA 104873->104874 104875 5410f0 104874->104875 104877 52cd71 29 API calls _wctomb_s 104875->104877 
104876->104842 104877->104853 104878->104845 104879->104850 104880->104870 104882 5456a0 21 API calls 104881->104882 104883 540573 GetCurrentThreadId SetWindowsHookExA 104882->104883 104883->104860 104891 52d0f4 104884->104891 104886 529615 EnterCriticalSection 104887 529633 104886->104887 104888 529664 LeaveCriticalSection 104886->104888 104892 53b009 29 API calls 104887->104892 104888->104823 104890 529645 104890->104888 104891->104886 104892->104890 104902 4167b2 104893->104902 104895 4a7433 104895->104829 104911 415987 104896->104911 104898 415974 104898->104831 104916 41ae72 104899->104916 104900 401724 104900->104833 104903 4167bc 104902->104903 104906 416bb4 104903->104906 104905 41695f 104905->104895 104907 416bca 104906->104907 104909 416bdb 104906->104909 104910 416d22 GetPEB VirtualAlloc LoadLibraryA 104907->104910 104909->104905 104910->104909 104914 4159dc GetPEB 104911->104914 104913 4159c8 104913->104898 104915 4159f1 104914->104915 104915->104913 104915->104915 104917 41aea3 104916->104917 104919 41ae99 104916->104919 104920 41cb04 GetPEB 104917->104920 104919->104900 104920->104919 104921 53d825 104922 53d831 104921->104922 104925 53d73f 104922->104925 104926 545118 28 API calls 104925->104926 104927 53d789 104926->104927 104931 53d7a4 104927->104931 104932 53d6b1 104927->104932 104933 5456a0 21 API calls 104932->104933 104934 53d6c2 104933->104934 104935 53d6f5 CreateWindowExA 104934->104935 104936 53d6d3 GetCurrentThreadId SetWindowsHookExA 104934->104936 104939 53d6fd 104935->104939 104936->104935 104937 53d6f0 104936->104937 104946 53985b RaiseException 104937->104946 104940 5456a0 21 API calls 104939->104940 104941 53d70d 104940->104941 104942 545118 28 API calls 104941->104942 104943 53d714 104942->104943 104944 53d721 UnhookWindowsHookEx 104943->104944 104945 53d72c 104943->104945 104944->104945 104945->104931 104947 53ff84 104948 53ffd3 104947->104948 104949 53ff92 104947->104949 104951 5406af 116 API calls 104948->104951 104952 53ff98 
104948->104952 104953 5406af 104949->104953 104951->104952 104954 540783 104953->104954 104955 5406bf 104953->104955 104956 545118 28 API calls 104954->104956 104957 5406f9 104955->104957 104959 5406d2 IsWindowVisible 104955->104959 104958 540788 104956->104958 104960 545118 28 API calls 104957->104960 104961 5456a0 21 API calls 104958->104961 104959->104957 104962 5406dd 104959->104962 104963 5406fe 104960->104963 104964 540799 104961->104964 104965 53d017 108 API calls 104962->104965 104966 5456a0 21 API calls 104963->104966 104967 5407aa 104964->104967 104985 5410f6 28 API calls 104964->104985 104968 5406ec 104965->104968 104975 54070f 104966->104975 104967->104952 104980 53e8c5 112 API calls 104968->104980 104971 5407a3 104986 5410ff 58 API calls _wctomb_s 104971->104986 104973 540733 IsWindowVisible 104973->104975 104976 540748 104973->104976 104975->104967 104975->104973 104975->104976 104979 53fbbb ShowWindow 104975->104979 104981 53fbbb 104975->104981 104977 53d017 108 API calls 104976->104977 104984 53e8c5 112 API calls 104976->104984 104977->104976 104979->104975 104980->104957 104982 53fbc2 ShowWindow 104981->104982 104983 53fbd1 104981->104983 104982->104983 104983->104973 104984->104975 104985->104971 104986->104967 104987 4a9af0 104988 4a9bab 104987->104988 104989 4a9b28 104987->104989 105002 53bd9b 104989->105002 104991 4a9b30 105005 53bf09 104991->105005 104993 4a9b93 105026 53be4c 39 API calls __EH_prolog 104993->105026 104995 4a9b82 105025 53c124 38 API calls 104995->105025 104996 4a9b9f 105027 53bdd9 23 API calls 104996->105027 104997 4a9b57 104997->104993 104997->104995 105018 53c060 104997->105018 105001 4a9b8a 105001->104993 105028 53bdb1 GetLastError 105002->105028 105004 53bda7 105004->104991 105031 53b76a 105005->105031 105013 53c013 105013->104997 105014 53bfef 105014->105013 105015 53bff6 GetLastError 105014->105015 105016 53c005 105015->105016 105017 53b91c 35 API calls 105016->105017 105017->105013 105019 53c0a5 105018->105019 105020 
53c06e WriteFile 105018->105020 105019->104997 105021 53c085 GetLastError 105020->105021 105023 53c094 105020->105023 105098 540be4 36 API calls 105021->105098 105023->105019 105099 540ca5 36 API calls __EH_prolog 105023->105099 105025->105001 105026->104996 105027->104988 105029 5456a0 21 API calls 105028->105029 105030 53bdca SetLastError 105029->105030 105030->105004 105032 53b772 105031->105032 105033 53b787 105031->105033 105034 53b91c 35 API calls 105032->105034 105035 53c235 105033->105035 105034->105033 105055 52d0f4 105035->105055 105037 53c23f GetFullPathNameA 105038 53c262 lstrcpynA 105037->105038 105039 53c274 105037->105039 105047 53bf41 105038->105047 105056 53c305 105039->105056 105042 53c2e4 105063 53b7df 105042->105063 105043 53c2a5 105044 53c2b2 105043->105044 105045 53c2ab CharUpperA 105043->105045 105044->105042 105048 53c2b8 FindFirstFileA 105044->105048 105045->105044 105050 53b91c 105047->105050 105048->105042 105049 53c2cd FindClose lstrcpyA 105048->105049 105049->105042 105051 53b928 105050->105051 105052 53b92c lstrlenA 105050->105052 105088 53b89f 105051->105088 105052->105051 105054 53b93c CreateFileA 105054->105013 105054->105014 105055->105037 105068 53bbc3 105056->105068 105058 53c317 __startOneArgErrorHandling 105059 53c323 lstrcpynA 105058->105059 105060 53c336 105059->105060 105074 53bc12 105060->105074 105064 53b807 105063->105064 105065 53b7ef InterlockedDecrement 105063->105065 105064->105047 105065->105064 105066 53b7fd 105065->105066 105087 53b6ce 31 API calls 105066->105087 105069 53bbd6 105068->105069 105070 53bc0a 105069->105070 105071 53b64c 31 API calls 105069->105071 105070->105058 105072 53bbed _wctomb_s 105071->105072 105079 53b747 32 API calls 105072->105079 105080 53b788 105074->105080 105076 53bc1a 105077 53bc23 lstrlenA 105076->105077 105078 53bc2b GetVolumeInformationA 105076->105078 105077->105078 105078->105042 105078->105043 105079->105070 105081 53b7a3 _wctomb_s 105080->105081 105082 53b794 105080->105082 
105081->105076 105086 53b716 32 API calls 105082->105086 105084 53b799 105085 53b64c 31 API calls 105084->105085 105085->105081 105086->105084 105087->105064 105091 53b7b6 105088->105091 105090 53b8ad _wctomb_s 105090->105054 105092 53b7c6 105091->105092 105093 53b7da 105092->105093 105097 53b716 32 API calls 105092->105097 105093->105090 105095 53b7d2 105096 53b64c 31 API calls 105095->105096 105096->105093 105097->105095 105098->105023 105100 4ad790 105101 4ad79c 105100->105101 105106 4ad7ac 105100->105106 105109 4ad860 7 API calls 105101->105109 105103 4ad7a6 105104 4ad82a RtlAllocateHeap 105108 4ad841 105104->105108 105105 4ad81f GetProcessHeap 105105->105104 105106->105104 105106->105105 105107 4ad7b4 105106->105107 105109->105103 105110 41715a 105115 416e5a GetPEB 105110->105115 105112 41727f LoadLibraryA 105113 41716a 105112->105113 105113->105112 105114 417170 105113->105114 105116 416ee7 105115->105116 105116->105113 105117 416ffa 105118 416e5a GetPEB 105117->105118 105119 417008 105118->105119 105120 41700c 105119->105120 105121 417048 VirtualAlloc 105119->105121 105122 417057 105121->105122 105123 4cb610 105124 4cb9c2 105123->105124 105125 4cb646 105123->105125 105125->105124 105174 4adee0 7 API calls 105125->105174 105128 4cb9d8 105129 53b76a 35 API calls 105128->105129 105130 4cb9e3 105129->105130 105138 4cb9f0 105130->105138 105209 4de250 31 API calls 105130->105209 105131 4cb955 105131->105128 105136 4cb9a1 105131->105136 105132 4cb8c4 SendMessageA 105146 4cb682 105132->105146 105133 52a336 6 API calls 105133->105146 105139 53b7df 32 API calls 105136->105139 105137 4cba02 105137->105138 105143 53bd9b 23 API calls 105137->105143 105140 53b91c 35 API calls 105138->105140 105145 4cbd9e 105138->105145 105142 4cb9ac 105139->105142 105140->105145 105141 52a418 6 API calls 105141->105146 105208 4ad970 GetProcessHeap HeapFree 105142->105208 105144 4cba17 105143->105144 105152 4cba45 105144->105152 105170 4cba5c 105144->105170 105175 4cb4b0 105145->105175 
105146->105131 105146->105132 105146->105133 105146->105141 105148 52a423 6 API calls 105146->105148 105165 4cbb4f 105146->105165 105201 53dbad 105146->105201 105207 4c98c0 7 API calls 105146->105207 105148->105146 105150 4adee0 7 API calls 105150->105165 105210 53bdd9 23 API calls 105152->105210 105153 53b7df 32 API calls 105155 4cbdba 105153->105155 105219 4ad970 GetProcessHeap HeapFree 105155->105219 105157 4cbdd0 105159 4cbb2d 105160 4cbb31 105159->105160 105159->105165 105212 53bdd9 23 API calls 105160->105212 105161 4cbd2d 105215 4ad970 GetProcessHeap HeapFree 105161->105215 105165->105150 105165->105161 105213 4e1c10 67 API calls 105165->105213 105214 4df010 55 API calls 105165->105214 105166 4cbd41 105216 4ad970 GetProcessHeap HeapFree 105166->105216 105167 4cba53 105218 4de250 31 API calls 105167->105218 105170->105159 105170->105160 105211 4de8c0 31 API calls 105170->105211 105171 4cbd56 105217 53bdd9 23 API calls 105171->105217 105174->105146 105220 53b84d 67 API calls _wctomb_s 105175->105220 105177 4cb4d8 105221 53bb6f 35 API calls 105177->105221 105179 4cb519 105180 4cb548 wsprintfA 105179->105180 105181 4cb530 wsprintfA 105179->105181 105182 4cb562 105180->105182 105181->105182 105222 53bb6f 35 API calls 105182->105222 105183 4cb4ee 105183->105179 105227 53bb6f 35 API calls 105183->105227 105186 4cb571 105187 4cb59c 105186->105187 105228 53bb6f 35 API calls 105186->105228 105189 53dbad 38 API calls 105187->105189 105191 4cb5b7 105189->105191 105190 4cb592 105229 53bbab 34 API calls 105190->105229 105223 52a544 29 API calls _wctomb_s 105191->105223 105194 4cb5c6 105195 4cb5da 105194->105195 105224 53fae9 105194->105224 105197 53b7df 32 API calls 105195->105197 105198 4cb5e8 105197->105198 105199 53b7df 32 API calls 105198->105199 105200 4cb5f9 105199->105200 105200->105153 105202 53dbb7 GetWindowTextLengthA 105201->105202 105203 53dbe3 105201->105203 105230 53bc3a 105202->105230 105203->105146 105206 53bc12 35 API calls 105206->105203 105207->105146 

                              Control-flow Graph (graph omitted)
                              APIs
                              • GetProcAddress.KERNEL32(00000000,006086E4), ref: 004C0477
                              • LoadLibraryA.KERNEL32(?,?,00619038), ref: 004C0569
                              • LoadLibraryA.KERNELBASE(?,?), ref: 004C05AF
                              • LoadLibraryA.KERNELBASE(?,?,00618F40,00000001), ref: 004C05F7
                              • LoadLibraryA.KERNEL32(00000001), ref: 004C060D
                              • GetProcAddress.KERNEL32(00000000,?), ref: 004C061F
                              • FreeLibrary.KERNEL32(00000000), ref: 004C06B2
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Library$Load$AddressProc$Free
                              • String ID:
                              • API String ID: 3120990465-0
                              • Opcode ID: af5b466582a9bbe5395a0c20424f28dc8265024dfb8312346019c10b641de42c
                              • Instruction ID: 2f565f59142293fe6c292e2f67064bb13704f629a7d507380d1138919a8410aa
                              • Opcode Fuzzy Hash: af5b466582a9bbe5395a0c20424f28dc8265024dfb8312346019c10b641de42c
                              • Instruction Fuzzy Hash: 5AA1FFB9600702ABD754DF64C884FABB7A8FFD5314F040A2EF95587340DB38A915CBA5

                              Control-flow Graph (graph omitted)
                              APIs
                              • __EH_prolog.LIBCMT ref: 0053C23A
                              • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 0053C258
                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 0053C267
                              • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0053C29B
                              • CharUpperA.USER32(?), ref: 0053C2AC
                              • FindFirstFileA.KERNEL32(?,?), ref: 0053C2C2
                              • FindClose.KERNEL32(00000000), ref: 0053C2CE
                              • lstrcpyA.KERNEL32(?,?), ref: 0053C2DE
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
                              • String ID:
                              • API String ID: 304730633-0
                              • Opcode ID: 16af2ff38a1741608a3c43362314aec3f855a2bc0df194c0bd47392ca774ada8
                              • Instruction ID: 27e3e59456fd6731127f7b809222b371dbe9b2ff85a01adaf680953075ddc7df
                              • Opcode Fuzzy Hash: 16af2ff38a1741608a3c43362314aec3f855a2bc0df194c0bd47392ca774ada8
                              • Instruction Fuzzy Hash: 1F218979901119ABCB109FA4DC48AEF7FBCFF86764F008126F955E20A0D7708A49DBA0

                              Control-flow Graph (graph omitted)
                              APIs
                              • GetLocalTime.KERNEL32(?), ref: 0052C1CD
                              • GetSystemTime.KERNEL32(?), ref: 0052C1D7
                              • GetTimeZoneInformation.KERNELBASE(?), ref: 0052C22C
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Time$InformationLocalSystemZone
                              • String ID: ~d
                              • API String ID: 2475273158-525493669
                              • Opcode ID: 2bd4c9b4474493736cd5a5f8fb919f93016b7f2a310e03a11ffe84313dab6bca
                              • Instruction ID: 21fc2703d34b14c280a43fc9565cb6fe3e48b484a84aa669b23da6201cef9306
                              • Opcode Fuzzy Hash: 2bd4c9b4474493736cd5a5f8fb919f93016b7f2a310e03a11ffe84313dab6bca
                              • Instruction Fuzzy Hash: F5218E2D80402AE6DB20EFD8F804AFE7FBABF0A714F505551F881A60D1EB748C86D764
                              APIs
                                • Part of subcall function 100294C0: GetTempPathA.KERNELBASE(00000104,00000000,00000000,1002C201,00000264), ref: 100294DB
                                • Part of subcall function 100294C0: GetTickCount.KERNEL32 ref: 10029543
                                • Part of subcall function 100294C0: wsprintfA.USER32 ref: 10029558
                                • Part of subcall function 100294C0: PathFileExistsA.KERNELBASE(?), ref: 10029565
                              • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 10019491
                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00000000,00000001,?,?,?,00000000), ref: 100195FF
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: FilePath$AllocateCopyCountExistsHeapTempTickwsprintf
                              • String ID: @
                              • API String ID: 183890193-2766056989
                              • Opcode ID: 094b6bc326079ddd2d965c8e3793aa750dede3325ae0d73e81acd5dd6e2b6923
                              • Instruction ID: 886d6a9a19e72094fdb0421fea6300c5803c3cbfa718e8e798f15b8255d4c358
                              • Opcode Fuzzy Hash: 094b6bc326079ddd2d965c8e3793aa750dede3325ae0d73e81acd5dd6e2b6923
                              • Instruction Fuzzy Hash: 26D142B5E40209ABEB01DFD4DCC2F9EB7B4FF18704F540065F604BA282E776A9548B66
                              APIs
                              • GetVersionExA.KERNEL32(00000000,10006DE0), ref: 10007264
                              • GetSystemInfo.KERNELBASE(00000000,?), ref: 100073E6
                              • RtlGetNtVersionNumbers.NTDLL(?,?,00000000), ref: 100074B7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Version$InfoNumbersSystem
                              • String ID:
                              • API String ID: 995872648-0
                              • Opcode ID: 4db5fb4a3d4e00142a26ff1c95db703d9d4110d6a3e51e96ae052a8b9dbbdf6b
                              • Instruction ID: 6910099e4755c4c9484fada616f008788a9246664730439cfdd765e490be93a4
                              • Opcode Fuzzy Hash: 4db5fb4a3d4e00142a26ff1c95db703d9d4110d6a3e51e96ae052a8b9dbbdf6b
                              • Instruction Fuzzy Hash: 001225B5E40246DBFB00CFA8DC81799B7F0FF19364F290065E909AB345E379A951CB62
                              APIs
                              • lstrlen.KERNEL32(00000000,FFFFFFFF,00000000,?,00000000,00000000,00000001,FFFFFFFF,00000000,?,FFFFFFFF,00000000,?,FFFFFFFF,00000000), ref: 10019B06
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: lstrlen
                              • String ID: Z$w
                              • API String ID: 1659193697-2716038989
                              • Opcode ID: b821f9bf040da37c44fd0503dcae877c7611da7f3909d027b8be583757176cb2
                              • Instruction ID: 282b89e6495933af6440fbbb597b1de90ef5dffa39cee2d72f7ed257570ffe54
                              • Opcode Fuzzy Hash: b821f9bf040da37c44fd0503dcae877c7611da7f3909d027b8be583757176cb2
                              • Instruction Fuzzy Hash: 550202B0D0061CDBEB10DFE1E9897EDBBB4FF48340F2140A4E485BA249DB725AA5CB55
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Close
                              • String ID: `+8w
                              • API String ID: 3535843008-4152678778
                              • Opcode ID: 76ebdb1f9ae7fad4396e4606b060dc1f1c005ed102ca8efddb9a9d5d028a9210
                              • Instruction ID: f7734d6dfd281f4cec539f69a8a4743609fe5589cfe20e3980177d77de103c32
                              • Opcode Fuzzy Hash: 76ebdb1f9ae7fad4396e4606b060dc1f1c005ed102ca8efddb9a9d5d028a9210
                              • Instruction Fuzzy Hash: 92112EB5D40308BBEB50DFE0DC86B9DBBB8EF05340F108069E6447A281D7B66B588B91
                              APIs
                              • __EH_prolog.LIBCMT ref: 0053E08E
                              • GetVersion.KERNEL32(00000007,?,?,00000000,00000000,?,0000C000,00000000,00000000,00000007), ref: 0053E241
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: H_prologVersion
                              • String ID:
                              • API String ID: 1836448879-0
                              • Opcode ID: 2c56ecb5d6cfe52b841234dfb17fcc68b406f67823da229fc5d21eaad059f4be
                              • Instruction ID: 1b1673e4003e2e14c68ed9fa771887b76583eac4942a779b55fa2cd96c0881bc
                              • Opcode Fuzzy Hash: 2c56ecb5d6cfe52b841234dfb17fcc68b406f67823da229fc5d21eaad059f4be
                              • Instruction Fuzzy Hash: E6E1597060021AABDF149F64CC86ABE7FF9FF48314F208915F816AB281D775EA11DB61
                              APIs
                                • Part of subcall function 10018EEA: CreateMutexA.KERNELBASE(00000000,00000000,00000000,?,10018AF3), ref: 10018F05
                              • HeapCreate.KERNELBASE(00000000,00000000,00000000), ref: 10018B14
                              • HeapCreate.KERNELBASE(00040000,00000000,00000000), ref: 10018B51
                                • Part of subcall function 1000FF10: RtlComputeCrc32.NTDLL(00000000,00000001,00000000), ref: 1000FFF4
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Create$Heap$ComputeCrc32Mutex
                              • String ID:
                              • API String ID: 3311811139-0
                              • Opcode ID: 9a351e1243e265833069ffbda416112d0eb9d2fee80185d79aac6a55443b64bb
                              • Instruction ID: 66fc46a93c8d8d126791b072413d70454ec7258938680aadaad6e332e46fbde2
                              • Opcode Fuzzy Hash: 9a351e1243e265833069ffbda416112d0eb9d2fee80185d79aac6a55443b64bb
                              • Instruction Fuzzy Hash: B8B10CB5E00309ABEB10EFE4DCC2B9E77B8FB14340F504465E618EB246E775AB448B52
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 75b8cc17067c6c33b443b48967448d8141aae73d2d4d47ed43c92b71e15033b4
                              • Instruction ID: 7f3822466abe897ed7fd5283d062eff614f94bbd8e25af5d4def4ad15996f3b0
                              • Opcode Fuzzy Hash: 75b8cc17067c6c33b443b48967448d8141aae73d2d4d47ed43c92b71e15033b4
                              • Instruction Fuzzy Hash: FD215EB6B017018FE720DF69D884A53B7E9EBA5325B10C83FE266C7610D779E804CB54
                              APIs
                              • LdrInitializeThunk.NTDLL(-0000007F), ref: 10004BAD
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: InitializeThunk
                              • String ID:
                              • API String ID: 2994545307-0
                              • Opcode ID: e502fa12d724a17ec6793826f56d8639c8130a795048e16d13a0eb84edd9aa86
                              • Instruction ID: 7f13cb2829284cec5adb7bd0b88e9c5a5f53f04c1fb2448feb0c9f08ba257be5
                              • Opcode Fuzzy Hash: e502fa12d724a17ec6793826f56d8639c8130a795048e16d13a0eb84edd9aa86
                              • Instruction Fuzzy Hash: 0111C4B1600645DBFB20DF18C894B5973A5EB413D9F128336E806CB2E8CB78DD85C789
                              APIs
                              • InterlockedExchange.KERNEL32(1002D511,00000000), ref: 1001A1FA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: fdea1bf63a2f3fbf83a69b9166c7a3f248e31975ffa5506ce454b9bb650ff928
                              • Instruction ID: 8b03ad6f155dc1ffa3c952e4c0ec4cfc85cd69f7d418c3f1b48ca094e25b3ce2
                              • Opcode Fuzzy Hash: fdea1bf63a2f3fbf83a69b9166c7a3f248e31975ffa5506ce454b9bb650ff928
                              • Instruction Fuzzy Hash: EF012975D04319A7DB00EFD49C82F9E77B9EB05340F404066E50466151D775DB949B92
                              APIs
                              • CreateMutexA.KERNELBASE(00000000,00000000,00000000,?,10018AF3), ref: 10018F05
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: 8e252e712528da66640590098dfb9258a448d5e56a455f4eb85160379f0f4c55
                              • Instruction ID: b5123a5caac3b4bfff5d25017b882f5dc189a7960400f6af0356bf2a3b5a090f
                              • Opcode Fuzzy Hash: 8e252e712528da66640590098dfb9258a448d5e56a455f4eb85160379f0f4c55
                              • Instruction Fuzzy Hash: 49E01270E95308F7E120AA505D03B29B635D70AB11F609055BE083E1C1D5B19A156696
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cbe5e2292f52eee1a70fe9d3d1c90487436f05b66bd84106636d17740425d78f
                              • Instruction ID: 88f20df6dc62e262f0d6741b19c70635af3cecc142c2f6cd085d228aee142494
                              • Opcode Fuzzy Hash: cbe5e2292f52eee1a70fe9d3d1c90487436f05b66bd84106636d17740425d78f
                              • Instruction Fuzzy Hash: DD1251B1A80246DBEF10CF98DCC179AB7B0FF69324F280066D505AB341D37CA991DB66

                              Control-flow Graph

                              APIs
                                • Part of subcall function 005456A0: TlsGetValue.KERNEL32(00647ADC,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000,?,005391FF,00000000,00000000,00000000,00000000), ref: 005456DF
                              • CallNextHookEx.USER32(?,00000003,?,?), ref: 0053D4E5
                              • GetClassLongA.USER32(?,000000E6), ref: 0053D52C
                              • GlobalGetAtomNameA.KERNEL32(?,?,00000005,?,?,?,Function_00144A1B), ref: 0053D558
                              • lstrcmpiA.KERNEL32(?,ime), ref: 0053D567
                              • GetWindowLongA.USER32(?,000000FC), ref: 0053D5DA
                              • SetWindowLongA.USER32(?,000000FC,00000000), ref: 0053D5FB
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Long$Window$AtomCallClassGlobalHookNameNextValuelstrcmpi
                              • String ID: AfxOldWndProc423$ime
                              • API String ID: 3731301195-104836986
                              • Opcode ID: 044e700629ce0e55e2bb0ccb3b55db6fc6162dfa4443f5791052fdfdfd1d49ef
                              • Instruction ID: b8df8a054f5c23e8dac3bc454efe0e583f6fa5537e29808095d3681760d67d42
                              • Opcode Fuzzy Hash: 044e700629ce0e55e2bb0ccb3b55db6fc6162dfa4443f5791052fdfdfd1d49ef
                              • Instruction Fuzzy Hash: 8C51DE75900215AFCF119F64EC49BAE3FB8FF99365F104214F82AA7290D734E944CBA0

                               Control-flow Graph
                               • Graph rendering not reproduced in this extract; entry block 4e6870-4e68d1, blocks marked Executed / Not Executed in the original
                              APIs
                              • GetProcessHeap.KERNEL32 ref: 004E6899
                              • OleInitialize.OLE32(00000000), ref: 004E68D5
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004E68F3
                              • SetCurrentDirectoryA.KERNEL32(00955B58,?), ref: 004E694D
                              • LoadCursorA.USER32(00000000,00007F00), ref: 004E69A8
                              • GetStockObject.GDI32(00000005), ref: 004E69C9
                              • GetCurrentThreadId.KERNEL32 ref: 004E69F1
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
                              • String ID: (+^$0U$4T$8+^$_EL_HideOwner
                              • API String ID: 3783217854-3307455271
                              • Opcode ID: c7597f33131cdd7faa96e6ee25b1a6488f92d4e23876ee54706767ddfb050c5d
                              • Instruction ID: 0c4f7a7f803ba3ec963453de74a2a3a6259c15f08c8277cf0ccecdbdc08eb19d
                              • Opcode Fuzzy Hash: c7597f33131cdd7faa96e6ee25b1a6488f92d4e23876ee54706767ddfb050c5d
                              • Instruction Fuzzy Hash: 7DE1E370A002159FCB14DF55CC81BEE7BB4FFA6308F14406EE905AB392DB786905CBA4

                              Control-flow Graph

                              APIs
                              • __EH_prolog.LIBCMT ref: 0053D2E5
                              • GetPropA.USER32(?,AfxOldWndProc423), ref: 0053D2FD
                              • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 0053D35B
                                • Part of subcall function 0053CEC7: GetWindowRect.USER32(?,?), ref: 0053CEEC
                                • Part of subcall function 0053CEC7: GetWindow.USER32(?,00000004), ref: 0053CF09
                              • SetWindowLongA.USER32(?,000000FC,?), ref: 0053D38B
                              • RemovePropA.USER32(?,AfxOldWndProc423), ref: 0053D393
                              • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 0053D39A
                              • GlobalDeleteAtom.KERNEL32(00000000), ref: 0053D3A1
                                • Part of subcall function 0053CEA4: GetWindowRect.USER32(?,?), ref: 0053CEB0
                              • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 0053D3F5
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
                              • String ID: AfxOldWndProc423
                              • API String ID: 2397448395-1060338832
                              • Opcode ID: a19e210f79910cdb37e1ee1e70e634e2e48e6d926a09731abd4339e3473698c3
                              • Instruction ID: a259b02876449ec30874ae46374de9ebc6e0e4bf6dfcd4c65ff60824621df868
                              • Opcode Fuzzy Hash: a19e210f79910cdb37e1ee1e70e634e2e48e6d926a09731abd4339e3473698c3
                              • Instruction Fuzzy Hash: E231587680110AABCB01AFA4ED49DFF7F79FF8A311F104419F601A6150D7758A14EBB2

                               Control-flow Graph
                               • Graph rendering not reproduced in this extract; entry block 545339-545356, blocks marked Executed / Not Executed in the original
                              APIs
                              • EnterCriticalSection.KERNEL32(00647AF8,00647ACC,00000000,?,00647ADC,00647ADC,005456D4,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000), ref: 00545348
                              • GlobalAlloc.KERNELBASE(00002002,00000000,?,?,00647ADC,00647ADC,005456D4,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000), ref: 0054539D
                              • GlobalHandle.KERNEL32(009C6248), ref: 005453A6
                              • GlobalUnlock.KERNEL32(00000000), ref: 005453AF
                              • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 005453C1
                              • GlobalHandle.KERNEL32(009C6248), ref: 005453D8
                              • GlobalLock.KERNEL32(00000000), ref: 005453DF
                              • LeaveCriticalSection.KERNEL32(00529867,?,?,00647ADC,00647ADC,005456D4,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000), ref: 005453E5
                              • GlobalLock.KERNEL32(00000000), ref: 005453F4
                              • LeaveCriticalSection.KERNEL32(?), ref: 0054543D
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                              • String ID:
                              • API String ID: 2667261700-0
                              • Opcode ID: 04a1e75903679f4b20d0c22195df22700d2c640d61b59c82a932419cfd4196df
                              • Instruction ID: 99d0f395cc57032d1c5c4917a229a5e6c89620ce1e54810177c83c76dd38d239
                              • Opcode Fuzzy Hash: 04a1e75903679f4b20d0c22195df22700d2c640d61b59c82a932419cfd4196df
                              • Instruction Fuzzy Hash: 1931A8792047059FD7249F68DC89A6ABFE9FF95305B004D2DF592C3651E7B1E808CB10

                               Control-flow Graph
                               • Graph rendering not reproduced in this extract; entry block 536a6c-536aa7, blocks marked Executed / Not Executed in the original
                              APIs
                                • Part of subcall function 00531FA4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FE1
                                • Part of subcall function 00531FA4: EnterCriticalSection.KERNEL32(?,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FFC
                                • Part of subcall function 00532005: LeaveCriticalSection.KERNEL32(?,0052B172,00000009,0052B15E,00000000,?,00000000,00000000,00000000), ref: 00532012
                              • GetTimeZoneInformation.KERNELBASE(0000000C,?,?,?,0000000B,0000000B,?,00536A5D,005365C6,?,?,?,?,0052C28E,?,?), ref: 00536ABA
                              • WideCharToMultiByte.KERNEL32(00000220,Eastern Standard Time,000000FF,0000003F,00000000,?,?,00536A5D,005365C6,?,?,?,?,0052C28E,?,?), ref: 00536B50
                              • WideCharToMultiByte.KERNEL32(00000220,Eastern Summer Time,000000FF,0000003F,00000000,?,?,00536A5D,005365C6,?,?,?,?,0052C28E,?,?), ref: 00536B89
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
                              • String ID: Eastern Standard Time$Eastern Summer Time
                              • API String ID: 3442286286-239921721
                              • Opcode ID: a565d644f7c55c69a5c7837bba18757adc7375bb63d1955789d80bbebf791a5f
                              • Instruction ID: e359ecdf57291a8917080395310e68b04b94b110c57f5874d9ed0eb2af713f5b
                              • Opcode Fuzzy Hash: a565d644f7c55c69a5c7837bba18757adc7375bb63d1955789d80bbebf791a5f
                              • Instruction Fuzzy Hash: 0C614574544256AFD7219F28EC59B2A3FEAFB42320F24A22EE0C0C71E1D7708D46DB51
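The "APIs" blocks above are the raw call trace the Joe Sandbox IDA plugin attaches to each function, and reading them by hand across a whole report is slow. The Python below is an added example, not part of the Joe Sandbox report or its plugin: it parses those lines into records, names the Win32 constants they show (the 000000FC index passed to GetWindowLongA/SetWindowLongA as GWL_WNDPROC, 000000E6 as GCL_STYLE, the CallNextHookEx nCode 3 as HCBT_CREATEWND) and raises the two triage points a reviewer takes from this section: the CreateMutexA call behind the report's "evasive API chain (may stop execution after checking mutex)" signature, and the AfxOldWndProc423 property that marks the GWL_WNDPROC subclassing as MFC runtime code rather than sample-specific behaviour. The sample lines are copied from the mutex, CBT-hook, entry-point, unsubclass and time-zone blocks of this section; the constant names and the byte-truncated reading of the index values are assumptions.

```python
"""Parse and triage Joe Sandbox "APIs" trace lines (added example, not Joe Sandbox code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed sample: lines copied verbatim from the APIs blocks of this report.
SAMPLE = """\
• CreateMutexA.KERNELBASE(00000000,00000000,00000000,?,10018AF3), ref: 10018F05
  • Part of subcall function 005456A0: TlsGetValue.KERNEL32(00647ADC,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000,?,005391FF,00000000,00000000,00000000,00000000), ref: 005456DF
• CallNextHookEx.USER32(?,00000003,?,?), ref: 0053D4E5
• GetClassLongA.USER32(?,000000E6), ref: 0053D52C
• GetWindowLongA.USER32(?,000000FC), ref: 0053D5DA
• SetWindowLongA.USER32(?,000000FC,00000000), ref: 0053D5FB
• GetProcessHeap.KERNEL32 ref: 004E6899
• GetPropA.USER32(?,AfxOldWndProc423), ref: 0053D2FD
• WideCharToMultiByte.KERNEL32(00000220,Eastern Standard Time,000000FF,0000003F,00000000,?,?,00536A5D,005365C6,?,?,?,?,0052C28E,?,?), ref: 00536B50
"""

# "• Api.MODULE(args), ref: ADDR". A "Part of subcall function ADDR:" prefix marks
# a call made inside a callee; some calls print no argument list at all.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>[\w.]+)"
    r"(?:\((?P<args>.*)\),)?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
Arg = Union[int, str, None]  # DWORD, string literal, or "?" (not recovered)

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Arg]
    ref: int                # call-site address
    subcall: Optional[int]  # callee address for "Part of subcall function" lines

def _parse_arg(raw: str) -> Arg:
    raw = raw.strip()
    if raw == "?":
        return None
    # Eight hex digits are a DWORD (a string literal of that shape would be misread).
    return int(raw, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", raw) else raw

def parse_api_lines(text: str) -> List[ApiCall]:
    """One ApiCall per parseable line; headers, hashes and blank lines are skipped."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [_parse_arg(a) for a in m["args"].split(",")] if m["args"] is not None else []
        sub = int(m["sub"], 16) if m["sub"] else None
        calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16), sub))
    return calls

def _signed_index(v: int) -> int:
    """Negative index constant from a full DWORD or, since the report prints
    GWL_WNDPROC (-4) as 000000FC, from a byte-truncated value (assumption)."""
    if v >= 0x80000000:
        return v - 0x100000000
    return v - 0x100 if 0x80 <= v <= 0xFF else v

# Well-known Win32 values, assumed from the public SDK headers.
_GWL = {-4: "GWL_WNDPROC", -16: "GWL_STYLE", -20: "GWL_EXSTYLE", -21: "GWL_USERDATA"}
_GCL = {-24: "GCL_WNDPROC", -26: "GCL_STYLE"}
_HCBT = {3: "HCBT_CREATEWND"}

def decode_constant(call: ApiCall) -> Optional[str]:
    """Name the well-known constant in the call's second argument, if any."""
    a = call.args[1] if len(call.args) > 1 else None
    if not isinstance(a, int):
        return None
    if call.api in ("GetWindowLongA", "SetWindowLongA"):
        return _GWL.get(_signed_index(a))
    if call.api == "GetClassLongA":
        return _GCL.get(_signed_index(a))
    if call.api == "CallNextHookEx":  # second argument is nCode
        return _HCBT.get(a)
    return None

def triage(calls: List[ApiCall]) -> List[str]:
    """The two points a reviewer takes from this section's API blocks."""
    findings = []
    if any(c.api == "CreateMutexA" for c in calls):
        findings.append("CreateMutexA: report flags an evasive API chain that may stop "
                        "execution after the mutex check; confirm the ERROR_ALREADY_EXISTS path")
    subclasses = any(c.api == "SetWindowLongA" and decode_constant(c) == "GWL_WNDPROC" for c in calls)
    if subclasses and any("AfxOldWndProc423" in c.args for c in calls):
        findings.append("SetWindowLongA(GWL_WNDPROC) with AfxOldWndProc423: MFC runtime "
                        "window subclassing, not sample-specific behaviour")
    return findings

if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE)
    for c in calls:
        print(f"{c.ref:08X} {c.api}.{c.module} {decode_constant(c) or ''}".rstrip())
    for finding in triage(calls):
        print("finding:", finding)
```

Run as a script it prints one line per call with the decoded constant, then the findings; to process a whole report, pass the text of its APIs blocks to parse_api_lines. Unknown arguments stay None rather than being guessed, so a GetPropA or lstrcmpiA whose string argument was not recovered by the sandbox will not trigger the MFC marker check.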

                               Control-flow Graph
                               • Graph rendering not reproduced in this extract; entry block 41715a-41716e, blocks marked Executed / Not Executed in the original
                              APIs
                              • LoadLibraryA.KERNELBASE(?,?,?), ref: 00417288
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: LibraryLoad
                              • String ID: Load$dleA$eHan$odul
                              • API String ID: 1029625771-1617681351
                              • Opcode ID: cbb446ad3e450375899919343118c7f7fd091695d447855841496772320d1268
                              • Instruction ID: 13f736911063711045c7a018fad862b542717d425a88dd95c8452eea890554cd
                              • Opcode Fuzzy Hash: cbb446ad3e450375899919343118c7f7fd091695d447855841496772320d1268
                              • Instruction Fuzzy Hash: 385111B16083529FC764CF19C88079BBBF4AF84354F84586EF8958B310EB74D985CB9A

                              Control-flow Graph (rendered image not preserved; executed/not-executed colouring lost): function 100294c0-100295b3; GetTempPathA at 100294d1-100294e3; block 10029543-10029569 (GetTickCount, wsprintfA, PathFileExistsA) loops on itself until the generated name is free, then 1002956b-100295b3 calls 10027bb0.
                              APIs
                              • GetTempPathA.KERNELBASE(00000104,00000000,00000000,1002C201,00000264), ref: 100294DB
                              • GetTickCount.KERNEL32 ref: 10029543
                              • wsprintfA.USER32 ref: 10029558
                              • PathFileExistsA.KERNELBASE(?), ref: 10029565
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Path$CountExistsFileTempTickwsprintf
                              • String ID: %s%x.tmp
                              • API String ID: 3843276195-78920241
                              • Opcode ID: 2e5e0e6654714d979119431959421d409a367cea90acc93e1422cbe6f956d51b
                              • Instruction ID: 19c0f5fbbc49b21063d5a4c1e69b6cb6cd736cc94922c53957f775166a9e82b6
                              • Opcode Fuzzy Hash: 2e5e0e6654714d979119431959421d409a367cea90acc93e1422cbe6f956d51b
                              • Instruction Fuzzy Hash: 9521F6352046144FE329D638AC526EB77D5FBC4360F948A2DF9AA831C0DF74DD058791

                              Control-flow Graph (rendered image not preserved; executed/not-executed colouring lost): function 10027bb0-10027bf8; GetProcessHeap at 10027bb9-10027bbf is reached conditionally, RtlAllocateHeap at 10027bc4-10027bd7 always; one outgoing branch (10027bd9-10027bf2) shows the MessageBoxA "error" dialog and calls 10027b10, the other returns via 10027bf5-10027bf8.
                              APIs
                              • GetProcessHeap.KERNEL32(10028674), ref: 10027BB9
                              • RtlAllocateHeap.NTDLL(009B0000,00000008,?,?,10028674), ref: 10027BCD
                              • MessageBoxA.USER32(00000000,1002D884,error,00000010), ref: 10027BE6
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Heap$AllocateMessageProcess
                              • String ID: error
                              • API String ID: 2992861138-1574812785
                              • Opcode ID: 49d87085d1c515788fcd29673903f8628afbe878102aee32d5879f9984d40736
                              • Instruction ID: 89e5899bf0a8eaacd33e9d23978464e8beef4f738102cb453b69e42e0a268b90
                              • Opcode Fuzzy Hash: 49d87085d1c515788fcd29673903f8628afbe878102aee32d5879f9984d40736
                              • Instruction Fuzzy Hash: 4DE0DF71A01A31ABE322EB64BC88F4B7698EF05B41F910526F608E2240EF20AC019791

                              Control-flow Graph (rendered image not preserved; executed/not-executed colouring lost): function 416ffa-417068; calls 416e5a then 416f1a, followed by the VirtualAlloc call at 417048-417055.
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: Virt$lloc$ualA
                              • API String ID: 0-1619206022
                              • Opcode ID: fc702225be9061ec86dcb6acbd893243b6e9044b5065bc4ab79030e5725022ff
                              • Instruction ID: 4ddf5e524fbb91e2214ced637b84f1b3d12085cad52475ddd5e88a9f8165a560
                              • Opcode Fuzzy Hash: fc702225be9061ec86dcb6acbd893243b6e9044b5065bc4ab79030e5725022ff
                              • Instruction Fuzzy Hash: 95F0467174431126D3206A1E5C41B9B6AA8CBC0BA1F80882FFE48D6382E63DC90906AA
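The String IDs of this function ("Virt$lloc$ualA") and of the LoadLibraryA function above ("Load$dleA$eHan$odul") are four-byte fragments of API names that the code writes to the stack as dword immediates and then resolves at run time, which is consistent with the report's findings that the PE imports no functions and dynamically determines API calls. The following Python is an added example, not code from the report or from the sample: it decodes such immediates back to their fragments and matches the fragments against a candidate API list. The candidate list and the raw immediates are constructed assumptions.

```python
"""Reassemble Windows API names from 4-byte stack-string fragments.

The fragments come from the report's Similarity 'String ID' fields
('Load$dleA$eHan$odul' and 'Virt$lloc$ualA'). The candidate list and the
dword immediates used in the demo are constructed for this example.
"""
import struct

# Names a hand-rolled loader stub typically resolves (assumption: the
# sample's real resolution table is not shown in the report).
CANDIDATE_APIS = [
    "LoadLibraryA", "GetModuleHandleA", "GetProcAddress", "VirtualAlloc",
    "VirtualProtect", "VirtualFree", "ExitProcess",
]


def dword_to_chunk(imm):
    """A 32-bit immediate stored to the stack lands little-endian:
    mov dword [ebp-0x10], 0x64616F4C writes the bytes 'L','o','a','d'.
    Trailing NULs (from the short final chunk) are dropped."""
    raw = struct.pack("<I", imm & 0xFFFFFFFF).rstrip(b"\x00")
    return raw.decode("ascii", errors="replace")


def chunks_of(name, width=4):
    """Split an API name the way a compiler emits it as dword stores."""
    return [name[i:i + width] for i in range(0, len(name), width)]


def parse_string_id(string_id):
    """Joe Sandbox joins recovered fragments with '$'."""
    return {s for s in string_id.split("$") if s}


def match_apis(fragments, candidates=CANDIDATE_APIS, width=4):
    """Map each candidate with at least one hit to (fragments seen, fragments
    expected). seen == expected means every dword of the name was recovered;
    partial hits on sibling names (VirtualProtect for 'Virt') are expected."""
    seen = set(fragments)
    result = {}
    for api in candidates:
        parts = chunks_of(api, width)
        hits = [p for p in parts if p in seen]
        if hits:
            result[api] = (len(hits), len(parts))
    return result


def resolve_from_immediates(immediates, candidates=CANDIDATE_APIS):
    """Decode raw dword immediates pulled from a disassembly, then match."""
    return match_apis([dword_to_chunk(i) for i in immediates], candidates)


if __name__ == "__main__":
    for sid in ("Load$dleA$eHan$odul", "Virt$lloc$ualA"):
        print(sid, "->", match_apis(parse_string_id(sid)))
    # Constructed immediates: the three dword stores that spell "VirtualAlloc".
    print(resolve_from_immediates([0x74726956, 0x416C6175, 0x636F6C6C]))
```

For "Virt$lloc$ualA" the only full match is VirtualAlloc (3 of 3 fragments); for "Load$dleA$eHan$odul" the fragments cover three of the four dwords of GetModuleHandleA and the first dword of LoadLibraryA, which matches the LoadLibraryA call the report attributes to that function. When triaging a new sample, feed the function's actual dword immediates to resolve_from_immediates rather than relying on the sandbox's recovered subset.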

                              APIs
                              • CreateFileA.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000020,00000000,00000000,100149DF,00000001,00000000,00000000,80000004,00000000,00000000,00000000), ref: 10028D55
                              • GetFileSize.KERNEL32(00000000,?,1002C201,00000268,?,00000000,00000000,00000000,00000000), ref: 10028D6C
                                • Part of subcall function 10027BB0: GetProcessHeap.KERNEL32(10028674), ref: 10027BB9
                                • Part of subcall function 10027BB0: RtlAllocateHeap.NTDLL(009B0000,00000008,?,?,10028674), ref: 10027BCD
                                • Part of subcall function 10027BB0: MessageBoxA.USER32(00000000,1002D884,error,00000010), ref: 10027BE6
                              • ReadFile.KERNELBASE(00000000,00000008,00000000,?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 10028D98
                              • CloseHandle.KERNELBASE(00000000,?,?,00000000,00000000,00000000,00000000), ref: 10028D9F
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: File$Heap$AllocateCloseCreateHandleMessageProcessReadSize
                              • String ID:
                              • API String ID: 749537981-0
                              • Opcode ID: e30a59cac924785109d668b76131e4edff7319d033e682f57e2deec09e2c1d43
                              • Instruction ID: 3e7a6e3e6917c5c906f0044d82f650070526e8034b550c75b50b94cd4b2286ca
                              • Opcode Fuzzy Hash: e30a59cac924785109d668b76131e4edff7319d033e682f57e2deec09e2c1d43
                              • Instruction Fuzzy Hash: 31F044762003107BE3218B64DCC9F9B77ACEB84B51F204A1DF616961D0E670A5458761
                              APIs
                              • GetCurrentThreadId.KERNEL32 ref: 00540575
                              • SetWindowsHookExA.USER32(000000FF,V[H,00000000,00000000), ref: 00540585
                                • Part of subcall function 00545735: __EH_prolog.LIBCMT ref: 0054573A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CurrentH_prologHookThreadWindows
                              • String ID: V[H
                              • API String ID: 2183259885-1749968117
                              • Opcode ID: acfd5a5df46238ab89823304b9d084d8d7c8693daec9fda8f62563b5edcbf563
                              • Instruction ID: 0ae027b83c703047a29508e3fbe591a04ac154ecaee73aeccb9fc6af20781abf
                              • Opcode Fuzzy Hash: acfd5a5df46238ab89823304b9d084d8d7c8693daec9fda8f62563b5edcbf563
                              • Instruction Fuzzy Hash: D7F0A031945B11ABC720BF70AC0EBD93E60BB91728F145658F2424B0D3EA705845CBA1
                              APIs
                              • CreateIconFromResourceEx.USER32(00000000,?,00000001,00030000,?,?,00000000), ref: 004D0F1B
                              • CreateIconFromResource.USER32(00000000,?,00000001,00030000), ref: 004D0F3B
                              • DestroyIcon.USER32(?), ref: 004D0F6B
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Icon$CreateFromResource$Destroy
                              • String ID:
                              • API String ID: 4181819098-0
                              • Opcode ID: 3a359a5cbc1059252b2d66c607b6ecc2e1f45e091797e7dc136af570982590d7
                              • Instruction ID: 3d466b2f4d1e4b5dfdcea24b9b80c5a4f06a586cfd265fd4623948dacda55361
                              • Opcode Fuzzy Hash: 3a359a5cbc1059252b2d66c607b6ecc2e1f45e091797e7dc136af570982590d7
                              • Instruction Fuzzy Hash: A461BFB1A00205AFCB24DF58D894BAEBBF5FB48314F60892FE556D7380D778A9408B95
                              APIs
                                • Part of subcall function 0053C235: __EH_prolog.LIBCMT ref: 0053C23A
                                • Part of subcall function 0053C235: GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 0053C258
                                • Part of subcall function 0053C235: lstrcpynA.KERNEL32(?,?,00000104), ref: 0053C267
                              • CreateFileA.KERNELBASE(00000000,80000000,00000000,0000000C,00000003,00000080,00000000,?,?,?,?), ref: 0053BFE4
                              • GetLastError.KERNEL32 ref: 0053BFF6
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CreateErrorFileFullH_prologLastNamePathlstrcpyn
                              • String ID:
                              • API String ID: 1034715445-0
                              • Opcode ID: 9f12efecb2b997ef181a6ebedd44c7c988c3fd0e4ec5df42e4f60667480ed347
                              • Instruction ID: 940cfcafcb9b4353b865ed7c532f7f00e1cdf58f1c8be64bf5b06c19a1461c67
                              • Opcode Fuzzy Hash: 9f12efecb2b997ef181a6ebedd44c7c988c3fd0e4ec5df42e4f60667480ed347
                              • Instruction Fuzzy Hash: F631E972A00709AFFB248E64CC4ABAE7FA5BB80354F24992DF616DB1D0D7749D448F50
                              APIs
                              • SetErrorMode.KERNELBASE(00000000,00000000,00541813,00000000,00000000,00000000,00000000,?,00000000,?,005391FF,00000000,00000000,00000000,00000000,00529867), ref: 00545F77
                              • SetErrorMode.KERNELBASE(00000000,?,00000000,?,005391FF,00000000,00000000,00000000,00000000,00529867,00000000), ref: 00545F7E
                                • Part of subcall function 00545FD1: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 00546002
                                • Part of subcall function 00545FD1: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 005460A3
                                • Part of subcall function 00545FD1: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 005460D0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
                              • String ID:
                              • API String ID: 3389432936-0
                              • Opcode ID: 1b8a2e939c15d7100d6e2cd818f1e3714c1a93e988b96d01017499d75d66a61c
                              • Instruction ID: 9750cad0822958f32d66414eaa896c0ded1769933289dad75b51251c75804072
                              • Opcode Fuzzy Hash: 1b8a2e939c15d7100d6e2cd818f1e3714c1a93e988b96d01017499d75d66a61c
                              • Instruction Fuzzy Hash: A9F037B4924716AFD714EF24D449B897FA4BF88714F05848AF4889B3A3DB70D844CBA2
                              APIs
                              • WriteFile.KERNELBASE(?,?,?,?,00000000,?,00000001,?,004A9B7F,-00000010,?,?,00001011,00000000), ref: 0053C07B
                              • GetLastError.KERNEL32(?,?,004A9B7F,-00000010,?,?,00001011,00000000), ref: 0053C088
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ErrorFileLastWrite
                              • String ID:
                              • API String ID: 442123175-0
                              • Opcode ID: d833e085cd768cfee00ab740d0e3c21625b8eea2648b939b781bf678fab4b62c
                              • Instruction ID: bc409b2a658af03c95d1c1eb678225982a6604df0294ac44bea6b8f4add88a50
                              • Opcode Fuzzy Hash: d833e085cd768cfee00ab740d0e3c21625b8eea2648b939b781bf678fab4b62c
                              • Instruction Fuzzy Hash: F9F0A03A100604BBDB206F96DC08F8ABF78FFD1734F20C22AFA28951A0D77198009B60
                              APIs
                              • HeapCreate.KERNELBASE(00000000,00001000,00000000,005297E5,00000001), ref: 0052F8EE
                                • Part of subcall function 0052F795: GetVersionExA.KERNEL32 ref: 0052F7B4
                              • HeapDestroy.KERNEL32 ref: 0052F92D
                                • Part of subcall function 005331E5: HeapAlloc.KERNEL32(00000000,00000140,0052F916,000003F8), ref: 005331F2
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: the same fourteen module dumps (00400000 through 0064E000) listed in the first Memory Dump Source block for this module above
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Heap$AllocCreateDestroyVersion
                              • String ID:
                              • API String ID: 2507506473-0
                              • Opcode ID: 6d70e748f7679c9a3cc6a271d0b20ca18aa52f0544c157b705eaef8219ed11f2
                              • Instruction ID: 9769f5b3ac10e338bb7261731a960c04bb589ce67771ac6ce5b105d7d3ce8eb2
                              • Opcode Fuzzy Hash: 6d70e748f7679c9a3cc6a271d0b20ca18aa52f0544c157b705eaef8219ed11f2
                              • Instruction Fuzzy Hash: 11F06534941312BEEB641B30BC49B692EB5BFD2B85F105875F401C81E4EB61C5C19B11
                              APIs
                              • DefWindowProcA.USER32(?,?,?,?), ref: 0053DAA2
                              • CallWindowProcA.USER32(?,?,?,?,?), ref: 0053DAB7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ProcWindow$Call
                              • String ID:
                              • API String ID: 2316559721-0
                              • Opcode ID: 94348adb018a3dbd2b2bfe0f5f45ecc4c40b7ea2b7ed68757953cd60081a06af
                              • Instruction ID: b7abcdfbaccaeb83a02f57114c55d291a30045b26177eb96d8bcfe06cace1882
                              • Opcode Fuzzy Hash: 94348adb018a3dbd2b2bfe0f5f45ecc4c40b7ea2b7ed68757953cd60081a06af
                              • Instruction Fuzzy Hash: 55F0A536104208FFCF619F99EC08D9A7FF9FF19351B148529FA4A8A124D732D824AB50
                              APIs
                              • SendMessageA.USER32(00008075,?,00000000), ref: 0050F1FE
                              • CallWindowProcA.USER32(?,00000312,?,?), ref: 0050F217
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CallMessageProcSendWindow
                              • String ID:
                              • API String ID: 3536146835-0
                              • Opcode ID: 128323b7248de4112c5d6103c64117f3fcbeb65005fdedfa9583eb49f07eb3d4
                              • Instruction ID: caa88d554f1d48addeb25bf896d5ec329a0f99c844175859f2e22d374ca8e8c5
                              • Opcode Fuzzy Hash: 128323b7248de4112c5d6103c64117f3fcbeb65005fdedfa9583eb49f07eb3d4
                              • Instruction Fuzzy Hash: F7F0303D14160AEBDF229F40EC45AAE3F22BF04304F109420FA66144E286719920EB21
                              APIs
                                • Part of subcall function 005456A0: TlsGetValue.KERNEL32(00647ADC,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000,?,005391FF,00000000,00000000,00000000,00000000), ref: 005456DF
                              • GetCurrentThreadId.KERNEL32 ref: 0053D6D3
                              • SetWindowsHookExA.USER32(00000005,0053D4BB,00000000,00000000), ref: 0053D6E3
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CurrentHookThreadValueWindows
                              • String ID:
                              • API String ID: 933525246-0
                              • Opcode ID: 94887959ee0b803379a170ce4c751ebfd3b41378d7a3e609c451fe6d1c3dcc27
                              • Instruction ID: 330cf762e0a24f07deb937583305803b20fa497fea4479974671d1e53923d565
                              • Opcode Fuzzy Hash: 94887959ee0b803379a170ce4c751ebfd3b41378d7a3e609c451fe6d1c3dcc27
                              • Instruction Fuzzy Hash: 0BE06D71641F019FC3309F65A80AB5BBFB8FBD1B55F04452DE26A92440D2B0A8498F71
                              APIs
                              • IsBadReadPtr.KERNEL32(00000000,00000008), ref: 10027C6E
                              • RtlFreeHeap.NTDLL(009B0000,00000000,00000000), ref: 10027C80
                                • Part of subcall function 10027AE0: GetModuleHandleA.KERNEL32(10000000,10027CB6,?,?,00000000,10013438,00000004,1002D4C1,00000000,00000000,?,00000014,00000000,00000000), ref: 10027AEA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: FreeHandleHeapModuleRead
                              • String ID:
                              • API String ID: 627478288-0
                              • Opcode ID: 4d9379b0d58c283c6db725ca31a97e2f75bce73c470b809a1bff60f02603aa99
                              • Instruction ID: 59851536013e0aac3578df5bad16e171669d5e3b00cd7f1de4e20f90094f5fd3
                              • Opcode Fuzzy Hash: 4d9379b0d58c283c6db725ca31a97e2f75bce73c470b809a1bff60f02603aa99
                              • Instruction Fuzzy Hash: 46E0ED71A0153297EB21FB34ADC4A4B769CFB417C0BB1402AF548B3151D330AC818BA2
                              APIs
                              • GetWindowTextLengthA.USER32(?), ref: 0053DBBA
                              • GetWindowTextA.USER32(?,00000000,00000000), ref: 0053DBD2
                                • Part of subcall function 0053BC12: lstrlenA.KERNEL32(?,00000104,0053C3A8,000000FF), ref: 0053BC25
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: TextWindow$Lengthlstrlen
                              • String ID:
                              • API String ID: 288803333-0
                              • Opcode ID: d51c9d416cb62018856122acdd205f5426003c1cc8468e77e0adcc0a80a44ff7
                              • Instruction ID: 40e455d1f7ec45076e555760ab8c338e10b4642704f17eb7e464a17e27420023
                              • Opcode Fuzzy Hash: d51c9d416cb62018856122acdd205f5426003c1cc8468e77e0adcc0a80a44ff7
                              • Instruction Fuzzy Hash: AFE03035109202AFCB649F54E858CAABBB5BF98315B11DA1DB55A871B0CF30A848DB20
                              APIs
                              • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 0052B18C
                                • Part of subcall function 00531FA4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FE1
                                • Part of subcall function 00531FA4: EnterCriticalSection.KERNEL32(?,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FFC
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CriticalSection$AllocateEnterHeapInitialize
                              • String ID:
                              • API String ID: 1616793339-0
                              • Opcode ID: a430301c3ea94a0236b565b714ea5e99c3eb1572c23bd41c9b1d609600e81894
                              • Instruction ID: b5083084595d51c16b9c78ecc9d06bec731e209763d753266da08e1e29b02a23
                              • Opcode Fuzzy Hash: a430301c3ea94a0236b565b714ea5e99c3eb1572c23bd41c9b1d609600e81894
                              • Instruction Fuzzy Hash: 2721B332E00629ABEB10EB68EC46B9E7FA4FF02760F144615F510EB1D1C774A951DBA4
                              APIs
                              • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074), ref: 0052B052
                                • Part of subcall function 00531FA4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FE1
                                • Part of subcall function 00531FA4: EnterCriticalSection.KERNEL32(?,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FFC
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterFreeHeapInitialize
                              • String ID:
                              • API String ID: 641406236-0
                              • Opcode ID: 1446cb0aac6dbb9ac088178f21a022f5cbb89f0eb215f2d21cd697a9ca51d626
                              • Instruction ID: 4b7157d4c010e677eddca94d7ff358e31869ab29aae04c745b86a937fce8c61f
                              • Opcode Fuzzy Hash: 1446cb0aac6dbb9ac088178f21a022f5cbb89f0eb215f2d21cd697a9ca51d626
                              • Instruction Fuzzy Hash: 1121D776D05619ABDF219BA4ED0AFEE7F78FF42320F140215F420B11C0D7799A408BA5
                              APIs
                              • __EH_prolog.LIBCMT ref: 0053D01C
                                • Part of subcall function 005456A0: TlsGetValue.KERNEL32(00647ADC,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000,?,005391FF,00000000,00000000,00000000,00000000), ref: 005456DF
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: H_prologValue
                              • String ID:
                              • API String ID: 3700342317-0
                              • Opcode ID: 64a7667aebd41429549b20ee3b777d14039fe452385f8afe78ca7d01346b8539
                              • Instruction ID: fcfa473115c83f7e3b1e8423da818ba302da19d53e223f15a2bb897fa2930f54
                              • Opcode Fuzzy Hash: 64a7667aebd41429549b20ee3b777d14039fe452385f8afe78ca7d01346b8539
                              • Instruction Fuzzy Hash: 6C214872A0020AEFCF15DF54D489AEE7BB9FF48714F10406AF915AB241E771AE45CBA0
                              APIs
                              • CreateWindowExA.USER32(00000000,00000080,004E69F1,?,?,?,?,?,?,?,?,?), ref: 0053D7DD
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CreateWindow
                              • String ID:
                              • API String ID: 716092398-0
                              • Opcode ID: d0be4f162c82c754a3b8ed4b5ff0ed0122ebd98cd2f428697c1a63d40631c57f
                              • Instruction ID: 720d72bc0e501d652f455c72ede72e402e73c88abb30add8b584b45441500539
                              • Opcode Fuzzy Hash: d0be4f162c82c754a3b8ed4b5ff0ed0122ebd98cd2f428697c1a63d40631c57f
                              • Instruction Fuzzy Hash: AF31CE79A0021AAFCF01DFA8D845ADEBBF1BF4C300F114069F918E7210E7359A519FA0
                              APIs
                              • SendMessageA.USER32(?,?,?,?), ref: 0053EB58
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              APIs
                              • LoadStringA.USER32(?,?,?,?), ref: 005410E6
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: LoadString
                              • String ID:
                              • API String ID: 2948472770-0
                              APIs
                              • SetWindowTextA.USER32(?,004CB5DA), ref: 0053FAF7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: TextWindow
                              • String ID:
                              • API String ID: 530164218-0
                              APIs
                              • ShowWindow.USER32(?,?,00540777,?,?,?,00000363,00000001,00000000,?,?,?,0053FFE0,?), ref: 0053FBC9
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ShowWindow
                              • String ID:
                              • API String ID: 1268545403-0
                              APIs
                              • DeleteFileA.KERNELBASE(00000000,10015A7E,00000001,10014425,00000000,80000004), ref: 10028E55
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              APIs
                              • IsWindow.USER32(00000000), ref: 1001F57C
                              • IsIconic.USER32(00000000), ref: 1001F86F
                              • GetDCEx.USER32(00000000,00000000,00000020,?,?,?,?,-00000004), ref: 1001F8D4
                              • GetDCEx.USER32(00000000,00000000,00000020,?,?,?,?,-00000004), ref: 1001FE93
                              • GetWindowInfo.USER32(00000000,00000000), ref: 1001FFE2
                              • GetWindowRect.USER32(00000000,?), ref: 100201EB
                              • CreateCompatibleDC.GDI32(00000000), ref: 100205D5
                              • CreateDIBSection.GDI32(00000000,00000000,00000000,00000000), ref: 100206C0
                              • SelectObject.GDI32(00000000,00000000), ref: 10020798
                              • CreateCompatibleDC.GDI32(00000000), ref: 100207D7
                              • SelectObject.GDI32(00000000,00000000), ref: 1002086C
                              • PrintWindow.USER32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,-00000004), ref: 100208A9
                              • BitBlt.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00CC0020), ref: 1002091B
                              • SelectObject.GDI32(00000000,00000000), ref: 10020ADE
                              • GetDIBits.GDI32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 10020CB4
                                • Part of subcall function 10028090: _CIfmod.MSVCRT(?,?,?,1000197A,00000002,?,?,80000601,00000000,40140000,80000601,00000000,00000000,00000001), ref: 100280A8
                                • Part of subcall function 10002461: HeapAlloc.KERNEL32(00000008,?,?,10026C94), ref: 1000247B
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Window$CreateObjectSelect$Compatible$AllocBitsHeapIconicIfmodInfoPrintRectSection
                              • String ID:
                              • API String ID: 3140154463-0
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: 0U$0U$0U$0U$0U$0U$0U$0U$0U$0U$0U$0U$0U$1U$1U$1U$1U$1U
                              • API String ID: 0-2053601559
                              APIs
                              • PathFindFileNameA.SHLWAPI(00000000), ref: 100143A7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: FileFindNamePath
                              • String ID:
                              • API String ID: 1422272338-0
                              APIs
                              • GetCurrentThreadId.KERNEL32 ref: 004C11B5
                              • IsWindow.USER32(000103CC), ref: 004C11D1
                              • SendMessageA.USER32(000103CC,000083E7,?,00000000), ref: 004C11EA
                              • ExitProcess.KERNEL32 ref: 004C11FF
                              • FreeLibrary.KERNEL32(?), ref: 004C12E3
                              • FreeLibrary.KERNEL32 ref: 004C1337
                              • DestroyIcon.USER32(00000000), ref: 004C1387
                              • DestroyIcon.USER32(00000000), ref: 004C139E
                              • IsWindow.USER32(000103CC), ref: 004C13B5
                              • DestroyIcon.USER32(?,00000001,00000000,000000FF), ref: 004C1464
                              • WSACleanup.WS2_32 ref: 004C14AF
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: DestroyIcon$FreeLibraryWindow$CleanupCurrentExitMessageProcessSendThread
                              • String ID:
                              • API String ID: 3816745216-0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: AllocHeap
                              • String ID:
                              • API String ID: 4292702814-0
                              APIs
                              • InterlockedExchange.KERNEL32(1002D459,?), ref: 1000C917
                              • InterlockedExchange.KERNEL32(1002D45D,?), ref: 1000C9CE
                              • InterlockedExchange.KERNEL32(1002D461,?), ref: 1000CA85
                              • InterlockedExchange.KERNEL32(1002D465,?), ref: 1000CB3C
                              • InterlockedExchange.KERNEL32(1002D469,?), ref: 1000CBF3
                              • InterlockedExchange.KERNEL32(1002D455,?), ref: 1000CCAA
                                • Part of subcall function 10001D56: IsBadCodePtr.KERNEL32(00000000), ref: 10001D73
                              • GetWindowThreadProcessId.USER32(1000C613,00000000), ref: 1000CCFD
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked$CodeProcessThreadWindow
                              • String ID:
                              • API String ID: 1323220708-0
                              APIs
                              • GetWindowRect.USER32(00000001,00000001), ref: 1002140D
                              • GetDCEx.USER32(00000000,00000000,00000020,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 100218AD
                              • CreateCompatibleDC.GDI32(00000000), ref: 100218DC
                              • SelectObject.GDI32(00000000,00000000), ref: 1002195D
                              • PrintWindow.USER32(00000001,00000000,00000000), ref: 10021994
                              • GetObjectA.GDI32(00000000,00000018,00000000), ref: 10021A33
                              • GetDIBits.GDI32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 10021CA1
                              • SelectObject.GDI32(00000000,00000000), ref: 100220CA
                              • ReleaseDC.USER32(00000000,00000000), ref: 10022153
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Object$SelectWindow$BitsCompatibleCreatePrintRectRelease
                              • String ID:
                              • API String ID: 2343085801-0
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: 1U$1U$1U$1U$1U$1U$1U
                              • API String ID: 0-2766777065
                              • Opcode ID: 2146b43c212e61ce61e11899c7f204231aba3d436a933e5757d966e2a3d0f8a1
                              • Instruction ID: f0ef60048866ff6e875f8d688364f453b1eb4d88cbdb7b7aa638a88afca0c580
                              • Opcode Fuzzy Hash: 2146b43c212e61ce61e11899c7f204231aba3d436a933e5757d966e2a3d0f8a1
                              • Instruction Fuzzy Hash: 9CE27EB1E003189BEF20DF94DC81B9DB7B4FB58304F24416AE608BB295E7B96D448F59
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: ?$\$\REGISTRY\MACHINE$\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT$\REGISTRY\USER$_Classes
                              • API String ID: 0-1655980394
                              • Opcode ID: e22ae917082b87936fa41f08c48656746adfa22af9818a3601b39729e2dc5093
                              • Instruction ID: cfee4882955295f256346ab5d35a508912345f973a0f1410f6445f43bbb6ad63
                              • Opcode Fuzzy Hash: e22ae917082b87936fa41f08c48656746adfa22af9818a3601b39729e2dc5093
                              • Instruction Fuzzy Hash: 379124B5E00209EFDF40DFD4DD85BAE7BB8FF18240F604429E60DAA241D7759B849B62
                              APIs
                              • UnmapViewOfFile.KERNEL32(00000000,00000000,00000000,?,00000018,00000000,00000000,00000000,00000000,00000000,00000018,00000000,00000000,00000000,00000000,00000000), ref: 100226B0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: FileUnmapView
                              • String ID:
                              • API String ID: 2564024751-0
                              • Opcode ID: fcdb37980512f5c2a5454dd6e4788c6138146d17f3cde7f746c149f80b301426
                              • Instruction ID: aca3888e1ced534dfb8bff30dc6f5772290e13aa398f14ea119e8b9ebb5f1563
                              • Opcode Fuzzy Hash: fcdb37980512f5c2a5454dd6e4788c6138146d17f3cde7f746c149f80b301426
                              • Instruction Fuzzy Hash: CED1AF75D40209FBEF219FE0EC46BDDBAB1EB09714F608115F6203A2E0C7B62A549F59
                              APIs
                              • GetDC.USER32(00000000), ref: 1001A976
                              • SelectObject.GDI32(00000000,00000000), ref: 1001A9E8
                              • SelectObject.GDI32(00000000,00000000), ref: 1001ABA2
                              • ReleaseDC.USER32(00000000,00000000), ref: 1001ABFD
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ObjectSelect$Release
                              • String ID:
                              • API String ID: 3581861777-0
                              • Opcode ID: 016045839d6574eced5056fb230da70806107c6e75e1076cf05294477ed0f175
                              • Instruction ID: 0a28f281d22c81f76b667070ee8f4b39c3514b9b46e69f88ae8cd14bf3a1b365
                              • Opcode Fuzzy Hash: 016045839d6574eced5056fb230da70806107c6e75e1076cf05294477ed0f175
                              • Instruction Fuzzy Hash: 2B9116B0D40309EBDF01EF81DC86BAEBBB1EB0A715F005015F6187A290D3B69691CF96
                              APIs
                              • GetWindow.USER32(?,00000005), ref: 1001A773
                              • IsWindowVisible.USER32(00000000), ref: 1001A7AC
                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 1001A7E9
                              • GetWindow.USER32(00000000,00000002), ref: 1001A872
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Window$ProcessThreadVisible
                              • String ID:
                              • API String ID: 569392824-0
                              • Opcode ID: 7eb4792724a3c751574948ed2bef03bc1f82abfcdfbe86bfaa65a7c348e8a528
                              • Instruction ID: 356be4359fdaef5b37944779847d5b641f80ef076249e3ad3302764c89b6051f
                              • Opcode Fuzzy Hash: 7eb4792724a3c751574948ed2bef03bc1f82abfcdfbe86bfaa65a7c348e8a528
                              • Instruction Fuzzy Hash: 284105B4D40219EBEB40EF90DC87BAEFBB0FB06711F105065E5097E190E7B19A90CB96
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Close
                              • String ID: ($`+8w
                              • API String ID: 3535843008-3099371866
                              • Opcode ID: 7a332dac4401a920269cba03dc06d0fc5b09a4c31d79a57ea6b303e349c4f0f0
                              • Instruction ID: acc8f56f01466ae78c1c2cfb7f14f5a9cb3254fd2462285b483ece6b545600e1
                              • Opcode Fuzzy Hash: 7a332dac4401a920269cba03dc06d0fc5b09a4c31d79a57ea6b303e349c4f0f0
                              • Instruction Fuzzy Hash: 41220CB5D00219ABEF00DFE4ECC1BAEB775FF18340F504028FA15BA256D776A9608B61
                              APIs
                              • SystemParametersInfoA.USER32(00000059,00000000,00000000,00000000), ref: 100156E3
                              • SystemParametersInfoA.USER32(0000005A,00000000,00000000,00000002), ref: 100158B9
                              • UnloadKeyboardLayout.USER32(00000000), ref: 100159A5
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: InfoParametersSystem$KeyboardLayoutUnload
                              • String ID:
                              • API String ID: 1487128349-0
                              • Opcode ID: 0226bddf635d607848fcc8a3ce1956f1dfd2ff90d5e67fe2f9c10deefa186aa5
                              • Instruction ID: 050fea7ffa1bc3994f10f6bed9b27e470259e4e1db6febdaadab7ec0439d0979
                              • Opcode Fuzzy Hash: 0226bddf635d607848fcc8a3ce1956f1dfd2ff90d5e67fe2f9c10deefa186aa5
                              • Instruction Fuzzy Hash: 224245B5E40305EBEB00DF94DCC2FAE77A4EF18355F540025E605BF286E776AA448B62
                              APIs
                              • ReleaseMutex.KERNEL32(?,?,10026B6B), ref: 100141AB
                              • NtClose.NTDLL(?), ref: 100141D7
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CloseMutexRelease
                              • String ID: `+8w
                              • API String ID: 2985832019-4152678778
                              • Opcode ID: 9673063f24b859f5e245c19442cbc28e39fa0f3f237a8bfddd1f83e277d98800
                              • Instruction ID: 38ac61447b851c898caa1bdb063a432cf123be9b48bf26603be34453f4d11833
                              • Opcode Fuzzy Hash: 9673063f24b859f5e245c19442cbc28e39fa0f3f237a8bfddd1f83e277d98800
                              • Instruction Fuzzy Hash: 69F08CB0E41308F7DA00AF50DC03B7DBA30EB16751F105021FA087E0A0DBB29A659A9A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: 1U$1U$1U
                              • API String ID: 0-576548870
                              • Opcode ID: 589debac92b7fa5d9637f029a21f555c2a0bdd1c6852b6ea932f428f2b2e11f9
                              • Instruction ID: e1e516965b9bcd06a135b273d545edc186efd4554bf8ea661df8991f20c9c05e
                              • Opcode Fuzzy Hash: 589debac92b7fa5d9637f029a21f555c2a0bdd1c6852b6ea932f428f2b2e11f9
                              • Instruction Fuzzy Hash: E8522271A002069FDB10DB99CCD5BAF7BF8AF19301F08006AE906E7362D679DD58C769
                              APIs
                              • WindowFromDC.USER32(00000000), ref: 100237BF
                              • GetCurrentObject.GDI32(00000000,00000007), ref: 100237FF
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CurrentFromObjectWindow
                              • String ID:
                              • API String ID: 1970099965-0
                              • Opcode ID: b4fc28a30c016e0f3434186770363817d1562ad41469c0952657f73b3ef3185f
                              • Instruction ID: 5e3447216257589ac88371f0c3b1c154c22f3bd6e68f106655ab8dd4a69be074
                              • Opcode Fuzzy Hash: b4fc28a30c016e0f3434186770363817d1562ad41469c0952657f73b3ef3185f
                              • Instruction Fuzzy Hash: 9F313770D40308EBDB00DF90D886BADBBB0FB0A751F409065F6087E290E7B19A54DF96
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 771701af439e7741e8b736f4cddd772223e38c3ecf2aff1b02426f532dbc2525
                              • Instruction ID: 885c83fdb631eeaace7fb36d59334b7deb6e1ec8d74847595a102efabcc5be8e
                              • Opcode Fuzzy Hash: 771701af439e7741e8b736f4cddd772223e38c3ecf2aff1b02426f532dbc2525
                              • Instruction Fuzzy Hash: 4FF01935106129ABCF119FA4EC08AFE3FA9BF26345B048420F816D40E1DF30DA18AB50
                              APIs
                              • GetKeyState.USER32(00000010), ref: 00540936
                              • GetKeyState.USER32(00000011), ref: 0054093F
                              • GetKeyState.USER32(00000012), ref: 00540948
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: State
                              • String ID:
                              • API String ID: 1649606143-0
                              • Opcode ID: 7aa843c7282437d1d763950287ab87454fa782503b19b2a1c8bf667ab2f0c252
                              • Instruction ID: a0cd228324f30461e43bc4bc103ae5e27b1d3d58b7c5b2be9f311174e530509e
                              • Opcode Fuzzy Hash: 7aa843c7282437d1d763950287ab87454fa782503b19b2a1c8bf667ab2f0c252
                              • Instruction Fuzzy Hash: A4E092375012ABAEFE8092558944FF56F907B5079CF21A451EB88AB0D7C6B0988A9760
                              APIs
                              • GetStockObject.GDI32(00000011), ref: 1001ACD1
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ObjectStock
                              • String ID:
                              • API String ID: 3428563643-3916222277
                              • Opcode ID: 34811a479ff939bbd0d37306ad3751707146f9b865cac1cf01731385c4780bb4
                              • Instruction ID: b9a15d43875d05f13c7aca3fde3137a0688d1b6e1dffe905ed574dcac1c1d11e
                              • Opcode Fuzzy Hash: 34811a479ff939bbd0d37306ad3751707146f9b865cac1cf01731385c4780bb4
                              • Instruction Fuzzy Hash: AE325BB5A402569FEB00CF98DCC1B99BBF4FF29314F580065E546AB342D379B991CB22
                              APIs
                              • InterlockedExchange.KERNEL32(1002D531,?), ref: 10025544
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID: Thread
                              • API String ID: 367298776-915163573
                              • Opcode ID: 0f35051adc867b6f3eb31b1a967cfc10eed751901f350b72bdb8150afa714329
                              • Instruction ID: e87a296fab3b19ef06520bc3e141919b3527ea124beb15feda4261f24f1e3c13
                              • Opcode Fuzzy Hash: 0f35051adc867b6f3eb31b1a967cfc10eed751901f350b72bdb8150afa714329
                              • Instruction Fuzzy Hash: 38F116B5E00259ABEF00DFE4EC81BDDBBB5FF08314F640025F605BA241D7B6A9548B65
                              APIs
                              • InterlockedExchange.KERNEL32(1002D529,?), ref: 10024841
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID: Process
                              • API String ID: 367298776-1235230986
                              • Opcode ID: d2f68a8877050e88ca52d3a1b362dc4e0adfd70d905bf2d7a8a251b6a21b3eb8
                              • Instruction ID: 84bd04864f9d1e807072be8e5ab147b3cae892089b2f3c2b5496a308401e609c
                              • Opcode Fuzzy Hash: d2f68a8877050e88ca52d3a1b362dc4e0adfd70d905bf2d7a8a251b6a21b3eb8
                              • Instruction Fuzzy Hash: 85E104B5E41259ABEF00DFE4EC81B9DBBB5FF08304F640025F605BA241EB75A954CB61
                              APIs
                              • lstrlen.KERNEL32(00000000,000000FF,00000000,?,00000000,00000000,?,0000009C,00000000,?,?,FFFFFF9C,00000000), ref: 10026700
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: lstrlen
                              • String ID: #
                              • API String ID: 1659193697-1885708031
                              • Opcode ID: 883767a72cd1c5db3c7b5e4b803f6ee709ba1c5302a0776715e670f278f7bc25
                              • Instruction ID: 30fcd15e93819707c4a405128049bbda1367cf8e2b4a4446b34ba685154cf5d7
                              • Opcode Fuzzy Hash: 883767a72cd1c5db3c7b5e4b803f6ee709ba1c5302a0776715e670f278f7bc25
                              • Instruction Fuzzy Hash: 2232CF70D0061DEBEB10DFD0EC99BADBBB4FF48340F618094E495BA199CB715AB58B14
                              APIs
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,10007D8B,00000000), ref: 10007EA0
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,FFFFFFFF,10007D8B,00000000,00000000,00000000,00000000,00000000), ref: 10007F7E
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide
                              • String ID:
                              • API String ID: 626452242-0
                              • Opcode ID: bda0d135b53912d681397df84b39cfb901c8e1d28ca02e616f5f005ca4c51389
                              • Instruction ID: b3f739b553b0eb222627b335ec04950199b8c6fc0fb38b6c76c83e211291c2b2
                              • Opcode Fuzzy Hash: bda0d135b53912d681397df84b39cfb901c8e1d28ca02e616f5f005ca4c51389
                              • Instruction Fuzzy Hash: 62417C74E0020DFBEB10DFD0EC46BAEBBB4FB08750F204165F618BA195DBB56A608B55
                              APIs
                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001368C
                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 10013744
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide
                              • String ID:
                              • API String ID: 626452242-0
                              • Opcode ID: 29862c888924d45c4ba2e300f17eb5bcd02a481ba966d84d668dfe1bb4d5aab7
                              • Instruction ID: dea56998412ea2cd2e2e07e98f2853e180ac33eb45cb94fa257388ef996dc557
                              • Opcode Fuzzy Hash: 29862c888924d45c4ba2e300f17eb5bcd02a481ba966d84d668dfe1bb4d5aab7
                              • Instruction Fuzzy Hash: 543141B5E40309BBEB50DFD49C82FAE7BB4EB04710F108055FA18BE2C1D7B6A6909B55
                              APIs
                              • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,?,?,?,?,100172C1,00000000,00000000,00000000), ref: 10017D82
                              • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,100172C1), ref: 10017E29
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: EnvironmentExpandStrings
                              • String ID:
                              • API String ID: 237503144-0
                              • Opcode ID: 69d3f48662c60aa8471e2db2691721ec0b878157a118ab2c20fe49b153d34404
                              • Instruction ID: 93bfbce67b494b6763231a081cd11fe6566247fc84b5e7443ef84a885c003b65
                              • Opcode Fuzzy Hash: 69d3f48662c60aa8471e2db2691721ec0b878157a118ab2c20fe49b153d34404
                              • Instruction Fuzzy Hash: 96313675E00309BBEB51DED49C82FAE7BF4EF08704F104065FA08BB242D772AA509B55
                              APIs
                              • DispatchMessageA.USER32(1001176C), ref: 100116D4
                              • CallWindowProcA.USER32(?,?,?,?), ref: 10011714
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CallDispatchMessageProcWindow
                              • String ID:
                              • API String ID: 3568206097-0
                              • Opcode ID: 4482fe2aa797ff1df0b8a016cfba6ab4f1edf6d8360ca980b76e75974128ba22
                              • Instruction ID: 63bf1ad0f6820a7cfc32d841282287ffa4cda79eab35e4a2f1e5c3704b1abdfe
                              • Opcode Fuzzy Hash: 4482fe2aa797ff1df0b8a016cfba6ab4f1edf6d8360ca980b76e75974128ba22
                              • Instruction Fuzzy Hash: AE21C775E40318EBDB00EF94DCC2A9DBBB1FB0D310F5040A5EA08AB351D371AA90DB52
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID: 0-3916222277
                              • Opcode ID: 1d3d201b3cf0f4e34ced4be5fd0ab536c8b491c3572058b51f69840eb97b3778
                              • Instruction ID: 90b3556d9a436454375a3f12806074c3db2d9078b135128fdcdde92096655a79
                              • Opcode Fuzzy Hash: 1d3d201b3cf0f4e34ced4be5fd0ab536c8b491c3572058b51f69840eb97b3778
                              • Instruction Fuzzy Hash: 52C2B7B4F40346ABFB11CA94DCC2B9E77B0EB08390F214165F658FA2DAD7B15E408B56
                              APIs
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000000,00000000,00000000,?,?,?,100078F7,00000000,00000000,00000000), ref: 10002169
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,FFFFFFFF,00000000,00000002,00000000,00000000,?,?,?,?,?,?,?,100078F7), ref: 1000222A
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide
                              • String ID:
                              • API String ID: 626452242-0
                              • Opcode ID: e01d84eb64cce406f4b39f0ec6733233002c155c01e245fd4058cdbcce10abd4
                              • Instruction ID: e83377b6f6ad2707753203cfccfcc485ecbfcdf7635717af9e37d537513bb723
                              • Opcode Fuzzy Hash: e01d84eb64cce406f4b39f0ec6733233002c155c01e245fd4058cdbcce10abd4
                              • Instruction Fuzzy Hash: 29814D75E00209ABEF00DFD4DC86FEEBBB4EF08340F504065FA14BA285D7B5AA548B55
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bb263e40eef90020d8df99a0481a0bf6f657d7eeb7ef3a2081f39f90c67f06aa
                              • Instruction ID: b204e07f85e29a2e084b91472d4023c6c348eb4d932d4cee8586dd8f60186bc1
                              • Opcode Fuzzy Hash: bb263e40eef90020d8df99a0481a0bf6f657d7eeb7ef3a2081f39f90c67f06aa
                              • Instruction Fuzzy Hash: 10926A71604B818FD329CF2AC0906A7FBE2BFA9304F24892ED5DB87B51D635B845CB45
                              APIs
                              • InterlockedExchange.KERNEL32(1002D519,?), ref: 1001DD15
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 9c37b9bfe50d47b947943e5bde51b1b3a93ad00f865aaf561d5891f7ad451c75
                              • Instruction ID: 7a99189caa79d54ac912ebbbba7bdc920c16141239c7c74b934a59564cf638f4
                              • Opcode Fuzzy Hash: 9c37b9bfe50d47b947943e5bde51b1b3a93ad00f865aaf561d5891f7ad451c75
                              • Instruction Fuzzy Hash: 2A6238B5E40348ABEB10DF94DC82F9DBBB5FF08344F244025F608BE292E7B5A9558B51
                              APIs
                              • PathFindFileNameA.SHLWAPI(00000000,?,00000000,00000000,00000000,00000000,0000001C,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 1001C7F6
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: FileFindNamePath
                              • String ID:
                              • API String ID: 1422272338-0
                              • Opcode ID: 3ce329e3a20423f96f3b41afa93414c0c1b70f2e1088a8521e8c07d6fc2c152a
                              • Instruction ID: f98056538ddd495e24e8dfbf0cad4fd33bc614c33abef30b02bddadc29e55c32
                              • Opcode Fuzzy Hash: 3ce329e3a20423f96f3b41afa93414c0c1b70f2e1088a8521e8c07d6fc2c152a
                              • Instruction Fuzzy Hash: 364240B5A40219ABEB00DF94ECC2F9EB7B4FF5C354F140025EA09BF241E775A9508B66
                              APIs
                              • InterlockedExchange.KERNEL32(1002D535,?), ref: 10025AFF
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 1d3983c04ef36cd81e02ff80b8e386635ef27858c32e0cbda266982c8d298185
                              • Instruction ID: ec57d409bd248faccfe3f0420db7539557fe035a6b0d78d3a35a1a7dfc2ec437
                              • Opcode Fuzzy Hash: 1d3983c04ef36cd81e02ff80b8e386635ef27858c32e0cbda266982c8d298185
                              • Instruction Fuzzy Hash: AC5208B5E00208ABEF01DF94EC82FDDBBB5FF08314F544029F614BA292D7B5A9548B65
                              APIs
                              • LoadLibraryExA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000001,00000000,00000001,00000000,00000000,00000000,00000000), ref: 1001D53E
                                • Part of subcall function 10001D56: IsBadCodePtr.KERNEL32(00000000), ref: 10001D73
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CodeLibraryLoad
                              • String ID:
                              • API String ID: 4269728939-0
                              • Opcode ID: 65fad49489424e2679975017eff27f475cb1f496b382636ee17d060b9eab1fb1
                              • Instruction ID: 8ca3c93d7244418e6012e556740facccd0f38a3c9c4ff1909e44a403dc44f6d3
                              • Opcode Fuzzy Hash: 65fad49489424e2679975017eff27f475cb1f496b382636ee17d060b9eab1fb1
                              • Instruction Fuzzy Hash: BC421AB5E40318AFEF50EF94DC82BDDBBB1FB08740F500125F618BA295D7B6A9808B55
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d1484a382a35ca144895018c05f07d4fbe177e835d982c94cc9d61be5e1bbb48
                              • Instruction ID: 546415cc21302476aefcfbbde1703e9f95ee371ca4234b75d61d54669777838c
                              • Opcode Fuzzy Hash: d1484a382a35ca144895018c05f07d4fbe177e835d982c94cc9d61be5e1bbb48
                              • Instruction Fuzzy Hash: 48328E74E002169BCB54DFA8C886BAEB7B5FF48314F24416EE506A7381D738AD41CBE5
                              APIs
                                • Part of subcall function 10028720: atoi.MSVCRT(00000000), ref: 1002877E
                              • RtlMoveMemory.NTDLL(00000000,00000000,00000000), ref: 1000918C
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: MemoryMoveatoi
                              • String ID:
                              • API String ID: 2867837884-0
                              • Opcode ID: f552e5f7024ba99e615796b6465fd8c68d714aa37df417cf295f447d032c11c8
                              • Instruction ID: c625aa631b3fd7664a23ceac8d029317df328e953ac31412f977eb30fe789f83
                              • Opcode Fuzzy Hash: f552e5f7024ba99e615796b6465fd8c68d714aa37df417cf295f447d032c11c8
                              • Instruction Fuzzy Hash: 1A023DB5A40216AFFB00DF94DCC1BAEB7A5FF58354F240025E905AB385E7B5B950CB22
                              APIs
                              • RtlMoveMemory.NTDLL(00000000), ref: 1000665A
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: MemoryMove
                              • String ID:
                              • API String ID: 1951056069-0
                              • Opcode ID: eb4082b09fd2d382939d01306d0fc3fdf797f862dfdaeaedf174d431bc084b9e
                              • Instruction ID: de403b7ac96d81ad167a5567031b13b093eba99a0845d2f8fdd956dd85fb778c
                              • Opcode Fuzzy Hash: eb4082b09fd2d382939d01306d0fc3fdf797f862dfdaeaedf174d431bc084b9e
                              • Instruction Fuzzy Hash: 12B151B5A812969BFF00CF58DCC1B95B7E1EF69324B291470E846AF344D378B861DB21
                              APIs
                              • GetKeyboardLayoutList.USER32(00000040,?,00000000,00000000), ref: 10015BEE
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: KeyboardLayoutList
                              • String ID:
                              • API String ID: 4253248152-0
                              • Opcode ID: 44a60376c71096be39f78b695e39bf06f4d8816049d5a531e66a3b74c91e060c
                              • Instruction ID: 3f0b898e91331e47705899626b39ccd446a255f5e12301d86a1815f33d743008
                              • Opcode Fuzzy Hash: 44a60376c71096be39f78b695e39bf06f4d8816049d5a531e66a3b74c91e060c
                              • Instruction Fuzzy Hash: 487158F6E00205AFEB00DFA4ECC2BAE77E5EF58251F540025E609EF341E775A9448B62
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: 1U
                              • API String ID: 0-271272071
                              • Opcode ID: 90274c9a2ce69eea4a337d99adccde2e6bf31e4d81effe8ab52fcca9b285fa26
                              • Instruction ID: 9798ca9a77f3d12e52bb9cfab5b44f32b3f98414f928af7b353cdf4897e6cae6
                              • Opcode Fuzzy Hash: 90274c9a2ce69eea4a337d99adccde2e6bf31e4d81effe8ab52fcca9b285fa26
                              • Instruction Fuzzy Hash: 26F16F71E00168CBDB34CF58CCE0BEDB7B1FB49304F1481AAC9896B241D6786A95DB99
                              APIs
                              • LdrGetProcedureAddress.NTDLL(00000000,00000000,00000000), ref: 10006115
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: AddressProcedure
                              • String ID:
                              • API String ID: 3653107232-0
                              • Opcode ID: b0fdcc2e6f29255798221e87a4cc1c59c4c258f69b8f0650fd83bedbacb84739
                              • Instruction ID: 78c0987cb7ffc063797d9a6f9d393f2066e6151a443f59dc1fc5ba499ae867df
                              • Opcode Fuzzy Hash: b0fdcc2e6f29255798221e87a4cc1c59c4c258f69b8f0650fd83bedbacb84739
                              • Instruction Fuzzy Hash: 564146B5D40209AFEB00DFD4EC81BAEB7B5FF18314F244065E909AB245D375AA54CB62
                              APIs
                              • LdrGetDllHandleEx.NTDLL(00000001,00000001,00000000,00000000,00000000), ref: 1000B6DF
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Handle
                              • String ID:
                              • API String ID: 2519475695-0
                              • Opcode ID: 9cc028ce4cef6fd72751e9c02f2673b6ffa45c8eaa4f1332740a5ce7082965a9
                              • Instruction ID: f5b1eeb52ae3afd7add8d8d659320dd3d1fa50eb2e7bb74abf840f5972d141ec
                              • Opcode Fuzzy Hash: 9cc028ce4cef6fd72751e9c02f2673b6ffa45c8eaa4f1332740a5ce7082965a9
                              • Instruction Fuzzy Hash: 6B312FF6D40205ABEB40DF94ECC2B9AB7F8FF18314F184065E90DAB341E375A9548B62
                              APIs
                              • RtlComputeCrc32.NTDLL(00000000,00000001,00000000), ref: 1000FFF4
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ComputeCrc32
                              • String ID:
                              • API String ID: 660108262-0
                              • Opcode ID: 3b3c4a398f2c335a2580c0c2c9e01d6ed997776affae00ca87f118d2e0373c7b
                              • Instruction ID: 885f51156191be290847c32039febb9a430df116088fdaca21ba1fa0fc310e03
                              • Opcode Fuzzy Hash: 3b3c4a398f2c335a2580c0c2c9e01d6ed997776affae00ca87f118d2e0373c7b
                              • Instruction Fuzzy Hash: FE3149B5E00309BBEB51DFD49C82FBE77B8EF14740F104068FA18BA242D7B6A6509B51
                              APIs
                              • GetSystemDirectoryA.KERNEL32(00000000,00000100), ref: 10018935
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: DirectorySystem
                              • String ID:
                              • API String ID: 2188284642-0
                              • Opcode ID: 2c93ccefffdd24751a113a6a8b127da9d46669cbde7100af002d9a110044543e
                              • Instruction ID: ee8817d9cef94c28fb543e8b0ac086dfa591c469ffb5e13cc4bb05c5ca752fcb
                              • Opcode Fuzzy Hash: 2c93ccefffdd24751a113a6a8b127da9d46669cbde7100af002d9a110044543e
                              • Instruction Fuzzy Hash: 2F115875E00309BBEB40DEE49C42BAD76A8EB08754F241469F608FB241D771AB809756
                              APIs
                              • IsBadCodePtr.KERNEL32(00000000), ref: 10001D73
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Code
                              • String ID:
                              • API String ID: 3609698214-0
                              • Opcode ID: a6e85c84f7705da1f0b0ef0dca21cf6d2d6468ef5f288cf7089c26cb1776d2a9
                              • Instruction ID: e6d0952806afafb3bf167878436ee8aac056beef16ad5c6831721f9da55ad4d1
                              • Opcode Fuzzy Hash: a6e85c84f7705da1f0b0ef0dca21cf6d2d6468ef5f288cf7089c26cb1776d2a9
                              • Instruction Fuzzy Hash: E8118B70900209FBEB60DF64CC05BED7BB4EF01390F2041AAED08AA1D4DB729A15DB85
                              APIs
                              • InterlockedExchange.KERNEL32(1002D4C9,?), ref: 10013C79
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 8f3db6529a380ad884801686893290e76bb9e31a8db3e312d6667318ca493a2c
                              • Instruction ID: 374fef4b2e02d52e2e07c0ca9dad6c55ed4794edc6ac8ae58a0c039705d7fb64
                              • Opcode Fuzzy Hash: 8f3db6529a380ad884801686893290e76bb9e31a8db3e312d6667318ca493a2c
                              • Instruction Fuzzy Hash: CC0171B5E0020DABDB00FFE09D82BAEBBB9EB04301F404466F50876105EB71EA549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D50D,?), ref: 1001A092
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 5f714afee4867c402fc67ecef455e1855603a07155a017b7538eac9aa4686da4
                              • Instruction ID: cb7720b851b721871b731c706f7cbe3d90cdbd700e2746e4ab45e97b10e25004
                              • Opcode Fuzzy Hash: 5f714afee4867c402fc67ecef455e1855603a07155a017b7538eac9aa4686da4
                              • Instruction Fuzzy Hash: 5C018DB5D00218ABDB11FFD09C82B9E77B8EB09341F804466F50476111D7719B988792
                              APIs
                              • InterlockedExchange.KERNEL32(1002D51D,00000040), ref: 100228E3
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 194b0fc893c5977093f79026a72dc70755a1496586ec811bd8de5678d100e2c9
                              • Instruction ID: c1b15002a30057ddc80440081b4ff6bc33ecde6fccf9cd62e387e343abd0d63a
                              • Opcode Fuzzy Hash: 194b0fc893c5977093f79026a72dc70755a1496586ec811bd8de5678d100e2c9
                              • Instruction Fuzzy Hash: DF014DB5D0021DFBEB10EFE0AC82B9E7778EB14644F904066F50466151EB719B549B91
                              APIs
                              • InterlockedExchange.KERNEL32(1002D3FD,08000000), ref: 10006CF7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 23192da6ecbc83458441ebdd5d9c372dffc65ab0074d72a51acdd461767757be
                              • Instruction ID: 4cade7ef096b15f562c821cb4de08ab4d3fc558eeb9d0de8a70c828ff9c11a3c
                              • Opcode Fuzzy Hash: 23192da6ecbc83458441ebdd5d9c372dffc65ab0074d72a51acdd461767757be
                              • Instruction Fuzzy Hash: 170175B5E0020DEBEB00EFE0EC82FAE7B79EF04240F504066E51566105D771AB549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D481,00000000), ref: 1000FD11
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 4a2eef44144669db4c1f9733a33db670b7915dec5e8fa15a72f47dd6e77bff96
                              • Instruction ID: 0aed2d4544eee8039acc50f3c1f3685790efcc1e5774387d789b9b1403c596f7
                              • Opcode Fuzzy Hash: 4a2eef44144669db4c1f9733a33db670b7915dec5e8fa15a72f47dd6e77bff96
                              • Instruction Fuzzy Hash: 9A0188B5D0430DABEB10FFE09C82FAE7779EB04280F40046BF505A6505DB71AA14EB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D3E1,00000004), ref: 10003177
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: da42de84fdc45480a06cd4378e972f835c842b750d11b0a6ad2ad2daa698017b
                              • Instruction ID: 385097fba51063c84e9e930c69dc2d7aac367372f62906f312b1c310141ed2ce
                              • Opcode Fuzzy Hash: da42de84fdc45480a06cd4378e972f835c842b750d11b0a6ad2ad2daa698017b
                              • Instruction Fuzzy Hash: 40015275D00208E7EB01EFE09C92BEF7B78EB08280F404066E51566155DB71AA149B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D485,00000000), ref: 1000FDAE
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 1a48310d62d447e18139df79d4c208d7064efbc4de3590175f6bd695f184c1e5
                              • Instruction ID: 3f7b499d2902c1e46d25e5c31060a7ca09a1136a131adf16b63838e7b32e6cd5
                              • Opcode Fuzzy Hash: 1a48310d62d447e18139df79d4c208d7064efbc4de3590175f6bd695f184c1e5
                              • Instruction Fuzzy Hash: 0B018875D0024CABEB00FFE0DC82EAE7779EB05380F50006AF505A6115DB716A54EB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D43D,?), ref: 10008E04
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: afcca2c59449e325cff3936334e354c9cd28eb17edf5175cf760837ed83860e1
                              • Instruction ID: 4c97a0654b066084171f968f8b0ad47121c2de6078470ba5a976a0987d87b010
                              • Opcode Fuzzy Hash: afcca2c59449e325cff3936334e354c9cd28eb17edf5175cf760837ed83860e1
                              • Instruction Fuzzy Hash: EC0175B5D00219E7EB00FFE0EC82BAE7B78FB14240F504466F54566145EB716B549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D40D,00000008), ref: 10007E19
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: c28a3b2f2e25cb6acfcff6b005e4e53fcd9242a91f843676d212f9070d1610bf
                              • Instruction ID: 3b8a368ce3914a44cda768e978636fd60f477d925661c7c420499c797e447cb4
                              • Opcode Fuzzy Hash: c28a3b2f2e25cb6acfcff6b005e4e53fcd9242a91f843676d212f9070d1610bf
                              • Instruction Fuzzy Hash: 9B0171B5D00249ABEB00FFE0EC82AAEBB78FB04240F404466E60966115DB75AB549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D441,?), ref: 10008EA1
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: b38c6ebf94637de38798da6e1c23dd87dd1bdd738f4a7bbe3db8cae8409ee598
                              • Instruction ID: 1686f6cdf9a679c1f5c84585fd33387023eb604c586a5dba44084a63d2e43e5f
                              • Opcode Fuzzy Hash: b38c6ebf94637de38798da6e1c23dd87dd1bdd738f4a7bbe3db8cae8409ee598
                              • Instruction Fuzzy Hash: 9C0171B5D00359ABEB10FFE0DC82BAEBB78FB04380F400066E64576115EB71AB54CB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D47D,00000000), ref: 1000FAD0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 2ecd14835ddfe2db98adf362f1cc27abc66221ca3baeee4228986d5531294eba
                              • Instruction ID: 82e752f980966cf0ba4425328bdbe0b5f15696934bb6f442517d9b0340b204dc
                              • Opcode Fuzzy Hash: 2ecd14835ddfe2db98adf362f1cc27abc66221ca3baeee4228986d5531294eba
                              • Instruction Fuzzy Hash: 510179B5E00209EBEB00FFE09C82AAEB778EB05240F504466F54566145EBB16654DB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D521,00000000), ref: 10022AE1
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: c21c2a8c4cec09cdedbb30eba6480203a51324f4c4c5902b1b0fefa990e6b838
                              • Instruction ID: 1a66ded8f8981fca5c39a2578b95296ca62aec53b1f76630b0cdbd515d7a4f8c
                              • Opcode Fuzzy Hash: c21c2a8c4cec09cdedbb30eba6480203a51324f4c4c5902b1b0fefa990e6b838
                              • Instruction Fuzzy Hash: D60175B5D00308BBDB11EFE0AC82FEEBB78EB14344F400066E90566501E7B56B14DB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D4B9,10026CF1), ref: 10011EEA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 387a02cd27c85a9e9645a962391e1fc87b5c3584c8544df15e9cc9309148cd0f
                              • Instruction ID: ae9516facd56fc145b0b9ba1995b908798816dd09d6beae3d77d7b55205b3fe1
                              • Opcode Fuzzy Hash: 387a02cd27c85a9e9645a962391e1fc87b5c3584c8544df15e9cc9309148cd0f
                              • Instruction Fuzzy Hash: AF0184B5E0420CABDB00FFE0EC82BEEBBB9EB04244F400466F5056A111DB75EA549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D525,00000000), ref: 10024745
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 16372e4eb88579a8b12f2817b7d5f3197544eee2f9c96a83dd2f20b74f294324
                              • Instruction ID: 4f30fde94411f2541dcfd4e169ebb1e46575794177a9fc60b21b5106f81313a2
                              • Opcode Fuzzy Hash: 16372e4eb88579a8b12f2817b7d5f3197544eee2f9c96a83dd2f20b74f294324
                              • Instruction Fuzzy Hash: 1001D8B5D0431CA7DB00FFE0ACC2FAEBB78EB05300F810465E51566101EBB16A14DB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D435,?), ref: 10008B88
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: c9e7b862b60fe74ed4fe71638f98d4edbead8bac7f3d7a8f9d653b4e1fb7c940
                              • Instruction ID: 91e5747cc3fe246938bda6916c84b67a4fdfd623eeedb860250414ba6297eca5
                              • Opcode Fuzzy Hash: c9e7b862b60fe74ed4fe71638f98d4edbead8bac7f3d7a8f9d653b4e1fb7c940
                              • Instruction Fuzzy Hash: 7B0171B5D0020DABEB50FFE49C82EAEBBB8FB04240F500466E54466115EB71AB14DB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D411,?), ref: 1000839E
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 278c620e1e7e4d768f896ce18c2c498cb7bc6a05be8e6297497d5f0b97cf32e1
                              • Instruction ID: 31dc5b1c38583c82a0824eac09af333b299f07736d69ab93248bda9d1065cdb0
                              • Opcode Fuzzy Hash: 278c620e1e7e4d768f896ce18c2c498cb7bc6a05be8e6297497d5f0b97cf32e1
                              • Instruction Fuzzy Hash: 390175B5D04308A7EB40FFE09C82AAE7778FB04640F405476F54466145D771AB54CB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D44D,00000000), ref: 1000B3B4
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 76ce89a9342da98fe2dfecb2c94b98527dad8150a52251657d2f7bd5707e59c8
                              • Instruction ID: a0f89ea6e8a02a489adc9b983919e457af64c69ca27a1623b1b8ea733fed46f6
                              • Opcode Fuzzy Hash: 76ce89a9342da98fe2dfecb2c94b98527dad8150a52251657d2f7bd5707e59c8
                              • Instruction Fuzzy Hash: 5F0184B5D0030CEBEB00FFE0AD92FAEBB78EB04240F504066F50466145DBB1AB54DB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D4C5,00000014), ref: 10013804
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: df7046381827650c065037a5133842a2a86736d1ba20d916eef21a95625819b6
                              • Instruction ID: 3d49d6b3b442fbd771079eef3efcaca9525747ce25c9376b7200e1962427cb25
                              • Opcode Fuzzy Hash: df7046381827650c065037a5133842a2a86736d1ba20d916eef21a95625819b6
                              • Instruction Fuzzy Hash: 420152B5D04309A7EB00FFE09C82AAEB778EF04240F504066F50466151EB75AA54DB92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D439,?), ref: 10008C25
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 1ec75bcf5a5c2b71d65e273564a3b3c9b1f3326e431629a853761c1f5ea93f69
                              • Instruction ID: e89bca5dfd4d69b457f6ee300803ba63458d7d33b5f739f05a8734b2afd2cb97
                              • Opcode Fuzzy Hash: 1ec75bcf5a5c2b71d65e273564a3b3c9b1f3326e431629a853761c1f5ea93f69
                              • Instruction Fuzzy Hash: 4C0171B5D00209ABEB00FFE49CC2EAEBB78FB04240F900466E55566116DB71AB549BA6
                              APIs
                              • InterlockedExchange.KERNEL32(1002D4D9,?), ref: 10014029
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 2023bc8ebed8db9c71d14d41a16ae57d1e69fa0acd5bbe78306c23398d50d97a
                              • Instruction ID: 2564c689c805b87f96d1dc3a9772f8e9f463aef008d258d62ef8b45eff4f05b1
                              • Opcode Fuzzy Hash: 2023bc8ebed8db9c71d14d41a16ae57d1e69fa0acd5bbe78306c23398d50d97a
                              • Instruction Fuzzy Hash: 8E01D875D0030CA7DB11FFE09C82F9E7779EB08300F400026F615A7112DB75EA549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D409,00000001), ref: 10007C2B
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 61d08e19df0a214d9286b1d052d7edc03e2565f5d48c7273754c1c18bed95e81
                              • Instruction ID: c3b43e173740565f2226f67ccfeaefedf346a2cdf78e56352eac70fc933f1a03
                              • Opcode Fuzzy Hash: 61d08e19df0a214d9286b1d052d7edc03e2565f5d48c7273754c1c18bed95e81
                              • Instruction Fuzzy Hash: B0017575D0020CA7FB00FFE09C86F9EBB78FB14340F44446AE61966105E775AA549B92
                              APIs
                              • InterlockedExchange.KERNEL32(1002D52D,00000000), ref: 10025448
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: c904fddc6ddc8d15f4d357e5ecb68cc14fb2d08915d767a0cb86d415350261cd
                              • Instruction ID: 3e1362fdfd7180a89e2653fc66fb6b654d9ba0ea71b3ee1e512a707afa301e7c
                              • Opcode Fuzzy Hash: c904fddc6ddc8d15f4d357e5ecb68cc14fb2d08915d767a0cb86d415350261cd
                              • Instruction Fuzzy Hash: 730188B5D0021CA7DB00FFE0AC82B9EB7B8EB04345F904467F90566111D7B29A549B96
                              APIs
                              • InterlockedExchange.KERNEL32(1002D451,00000000), ref: 1000B451
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ExchangeInterlocked
                              • String ID:
                              • API String ID: 367298776-0
                              • Opcode ID: 51b26b4892ccffcc6dc83c2534fb8f59ce223cf36af1d5fc13b3d33c47b94d86
                              • Instruction ID: 8d0e244bf49903d48fd7c686830ea074e98c76a4a96eec9f774984162f9bf409
                              • Opcode Fuzzy Hash: 51b26b4892ccffcc6dc83c2534fb8f59ce223cf36af1d5fc13b3d33c47b94d86
                              • Instruction Fuzzy Hash: BF0148B5D0431DABEB00FFE09C82FAEB778EB14340F904465F50566116EB71AB54DB92
                              APIs
                              • GetAncestor.USER32(100236B8,00000001,?,?,100236B8), ref: 1002371A
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Ancestor
                              • String ID:
                              • API String ID: 4063365101-0
                              • Opcode ID: 0be6b4715263265285db1f468f36bdd37c7f824151cbff8a336d8021942bab24
                              • Instruction ID: eb8589c6fe16dd3324ac60df81f06840749ea93634a8b87ae7cb4ae9ae9ba44e
                              • Opcode Fuzzy Hash: 0be6b4715263265285db1f468f36bdd37c7f824151cbff8a336d8021942bab24
                              • Instruction Fuzzy Hash: C3F03CB4E44308EBDB10EF90E9467ADFB70EB06741F509065E6047B180E7B25A509A8A
                              APIs
                              • CreateMutexA.KERNEL32(00000000,00000000,00000001,00000001,00000000,00000000,00000001), ref: 100101C4
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: d12216730a6dd428996d56869a6fc80ed1219f4cbb400b599376012f3700107f
                              • Instruction ID: 16cce99742d90ffd21a6e538df0c97e42957f62968f0f4cbc8e65f9f29ad9446
                              • Opcode Fuzzy Hash: d12216730a6dd428996d56869a6fc80ed1219f4cbb400b599376012f3700107f
                              • Instruction Fuzzy Hash: D8F03970E45208FBDB21EF95DC02BADBB74EB05741F1080A5FA087A180D7B5AB509B95
                              APIs
                              • ReleaseMutex.KERNEL32(?,1000702C), ref: 1000635D
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: MutexRelease
                              • String ID:
                              • API String ID: 1638419-0
                              • Opcode ID: 409f3bf5a2a7effd3d518b78c876aaf5ee200c7d662fef1c20eca6aafb3e8a79
                              • Instruction ID: 7b3213fa97c1f7abe5e99e727b00606adf76b996470ce0c1231a1946aded7527
                              • Opcode Fuzzy Hash: 409f3bf5a2a7effd3d518b78c876aaf5ee200c7d662fef1c20eca6aafb3e8a79
                              • Instruction Fuzzy Hash: 3AD017B0D45308B7E610AE90EC03B69BA34D706761F105161FA082A190E6B2AB2496DA
                              APIs
                              • HeapAlloc.KERNEL32(00000008,00000000), ref: 1000F7E5
                                • Part of subcall function 1000FA6F: InterlockedExchange.KERNEL32(1002D47D,00000000), ref: 1000FAD0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: AllocExchangeHeapInterlocked
                              • String ID:
                              • API String ID: 3051970009-0
                              • Opcode ID: 022b8115eb5ce5199829a80c414696cba4458c1422a7b80e9c996825c196cccc
                              • Instruction ID: 8cc4e7238832c14419a96c129bec8d194933ec370394a89dab4d823145446c67
                              • Opcode Fuzzy Hash: 022b8115eb5ce5199829a80c414696cba4458c1422a7b80e9c996825c196cccc
                              • Instruction Fuzzy Hash: 51310270D40209FEFB11DFA0CC02BEDBBB5FB04780F208169F614BA194DBB56A54AB55
                              APIs
                              • HeapAlloc.KERNEL32(00000008,?,?,10026C94), ref: 1000247B
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: AllocHeap
                              • String ID:
                              • API String ID: 4292702814-0
                              • Opcode ID: 0dd204370fe18862268228c1c8de2b552e2688217c670dbeba92eeddf2ae1a81
                              • Instruction ID: 104a27a5d458cbbbe33f9f96244b29e3d4c33b82fd0089700704125604d1dba2
                              • Opcode Fuzzy Hash: 0dd204370fe18862268228c1c8de2b552e2688217c670dbeba92eeddf2ae1a81
                              • Instruction Fuzzy Hash: BDE08634D85308B7E610EF40DC03F29BA38E702751F508012FA083A090D6B25A649B87
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 96be86a671df8888b254cc6c3208d86f49787d8cf2ca4e448b4867e87cd8e5fd
                              • Instruction ID: b82dc38e16616ddd987b864122364eac5c1fff58b477e30fd6f02d7e5179368c
                              • Opcode Fuzzy Hash: 96be86a671df8888b254cc6c3208d86f49787d8cf2ca4e448b4867e87cd8e5fd
                              • Instruction Fuzzy Hash: 85721AB5E40309ABEB00DF94ECC2FDDBBB5EB0C354F644025F604BA296D7B269548B25
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e69f0c751b4262d556ab7d8e659c133a8de82433dc850d146ab5d350a12c39cd
                              • Instruction ID: 551f598227d6dd39184c223fb6ed838a91ab17f663f6174eca7434abf6d8a969
                              • Opcode Fuzzy Hash: e69f0c751b4262d556ab7d8e659c133a8de82433dc850d146ab5d350a12c39cd
                              • Instruction Fuzzy Hash: 40624CB5E41208BBEF11DFD0EC82BDDBBB5EF08354F204029F604BA291D7B5A9958B14
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6d84f2b69ea6095c90f23bd9b6d1a5a8279a6636e2ec472cfa5718089ee139e8
                              • Instruction ID: a5955423d14317f839d9afbcb2b9ced9374c1de9beecc9198591da7258e3e5d6
                              • Opcode Fuzzy Hash: 6d84f2b69ea6095c90f23bd9b6d1a5a8279a6636e2ec472cfa5718089ee139e8
                              • Instruction Fuzzy Hash: 5D32F7B1B412529BFB00CF58ECC0B59B7A5EFA9324F290074E946AF341D379B861DB61
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ObjectSelect
                              • String ID:
                              • API String ID: 1517587568-0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ComputeCrc32CreateMutex
                              • String ID:
                              • API String ID: 2647859408-0
                              • Opcode ID: fb765643ddb528c65f4c8254d2e67b215b37ca112bcddd59e63a3746b6e22e82
                              • Instruction ID: 6e8f39effab6ffe8abe8ce8b2f006d743ef601de1a83054572dbacb1371b805f
                              • Opcode Fuzzy Hash: fb765643ddb528c65f4c8254d2e67b215b37ca112bcddd59e63a3746b6e22e82
                              • Instruction Fuzzy Hash: FA611274E40319EBEB00EF91DC87BEEBB71EB05750F200026F6147A191D7B1AA51DB96
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 177ff9bcddc0062e541eb72a297809aa775245e2e6d8d1f130c2bdda6e790eca
                              • Instruction ID: b3edc6188f52fe0267c65f768a9f0694fa0e22adacd15ae2cea2a64ff053d747
                              • Opcode Fuzzy Hash: 177ff9bcddc0062e541eb72a297809aa775245e2e6d8d1f130c2bdda6e790eca
                              • Instruction Fuzzy Hash: E4512774E40316ABEB10CF94DC96FAE77B4EF04700F604019FA49BE291D7F59A948B92
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 999cff3d56ebaad1770f9eebce6b814e78184f0733c47f680aeb2efe81abf9bb
                              • Instruction ID: 3ff1e0272834ebdf1ae0fa1b74ff5d017005019b99e03679453d0ba0a45af6fd
                              • Opcode Fuzzy Hash: 999cff3d56ebaad1770f9eebce6b814e78184f0733c47f680aeb2efe81abf9bb
                              • Instruction Fuzzy Hash: E2512EB5D0021AABEB00DF94DCC1BAE77B4FF18314F140465E508EB301E775AA50CB62
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 848507941d9fbffb7cbc7b29cbefd203ef99eb4224134117eb04a7a1748b5fdf
                              • Instruction ID: 740361c2a2a7975ea98c5d6579f5497acae074faf2527958cbce1f24f1a7fcbb
                              • Opcode Fuzzy Hash: 848507941d9fbffb7cbc7b29cbefd203ef99eb4224134117eb04a7a1748b5fdf
                              • Instruction Fuzzy Hash: 84516B75E00209EBEB00CF94DC86FAE77F4EB05344F654055F914BE281E776DA948B62
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 288ad7fcb540c8efc65d63155a80cf20cd7926503290e790ef74247f1432d09d
                              • Instruction ID: f1be0e3d30bd8ab24c0f4a6939aa2188dda2d3268a98e77efb381d3add8a087d
                              • Opcode Fuzzy Hash: 288ad7fcb540c8efc65d63155a80cf20cd7926503290e790ef74247f1432d09d
                              • Instruction Fuzzy Hash: 2251AE70D00219EBEF11DF95DD45BDDBBB2BB18304F608059F9107A2A0C3BA6A64EF58
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c551d9ee4e18ac04d199571815a8ce167b17ea29bf87976a5931350147ad1b07
                              • Instruction ID: 6e2a16805fa032cb188a6ab09911055340e312e86faa01d054a0585f1b90ccec
                              • Opcode Fuzzy Hash: c551d9ee4e18ac04d199571815a8ce167b17ea29bf87976a5931350147ad1b07
                              • Instruction Fuzzy Hash: 14312270D44609EBEF00EF80DC46BAEBB71EB06355F205169FA043A191D3B64A54DF9A
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4f752ba2bd3efe35c0db813093cd95cfd95bebb34e1c0840b79ae46e9a3f7aa2
                              • Instruction ID: fcd9660d6a72fe45eefc1d8f4cbc8b5498bd8d2469cb5e857af72b9432f5bd19
                              • Opcode Fuzzy Hash: 4f752ba2bd3efe35c0db813093cd95cfd95bebb34e1c0840b79ae46e9a3f7aa2
                              • Instruction Fuzzy Hash: F3313575E40308AFEB50DF94DC82B9DBBB4EB0C741F504065F608EB745E7B59A409B52
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bcbbfe027ddbde3ca2b7ee6e7a9b101e6e640faf627c7a0eeba07689440a2c60
                              • Instruction ID: 0e6d90bd3a1296b327673a782b8a2de37a0e9d786c9d2f722c0ab1c87383cc98
                              • Opcode Fuzzy Hash: bcbbfe027ddbde3ca2b7ee6e7a9b101e6e640faf627c7a0eeba07689440a2c60
                              • Instruction Fuzzy Hash: 69317375E40308AFEB40DF94DC82B9EBBB4EB08340F504075E608EB696E3B56A409B52
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 918643da65e37feeb39471fc9b76e24dac407e2b29faf6ea47c3fc6075c6ae67
                              • Instruction ID: f5bd11c3930f14deff6542fe37b9d91d6d9d9f7f47c674184f68d859604aa839
                              • Opcode Fuzzy Hash: 918643da65e37feeb39471fc9b76e24dac407e2b29faf6ea47c3fc6075c6ae67
                              • Instruction Fuzzy Hash: 8821F975A04209EFEB41CF90CD82BAE77F8EB05754F244015B908BA181E7B5EAD09B62
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ef8a370add3d5418976353e0fc23bf6dee6b9d923330f9d60947765b51f42246
                              • Instruction ID: cb764db9af18425858f0870d561dcf750e8236d090e6b6f48ce3485ee4cf3179
                              • Opcode Fuzzy Hash: ef8a370add3d5418976353e0fc23bf6dee6b9d923330f9d60947765b51f42246
                              • Instruction Fuzzy Hash: 7E114634845224FBEA11FF90DC42B68BBA1E712345F215067F6042A0B5DBB2ADD6DA42
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 37003275f3eaa72a6ef67eca1d876927b20d3cea41f567a5b2a029eb66a1c75e
                              • Instruction ID: eeae7fc577553641f4f664837c49950aecc16b69e97dd8631aebf4018e73b438
                              • Opcode Fuzzy Hash: 37003275f3eaa72a6ef67eca1d876927b20d3cea41f567a5b2a029eb66a1c75e
                              • Instruction Fuzzy Hash: FA2137B090060AEAFB10DFA0C844BEEBAB8FB05380F204271F990A6198D7349AD5D754
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5e64809ee3449bf2a7df32ff2943633b8c15e644a62c7bb0cedcca55993e9baa
                              • Instruction ID: ba505964bce734d70dae5fb9ba97fd24188bee46f8c6b217aecce00d80479512
                              • Opcode Fuzzy Hash: 5e64809ee3449bf2a7df32ff2943633b8c15e644a62c7bb0cedcca55993e9baa
                              • Instruction Fuzzy Hash: C9112875D00208FBEF00DF90C84579DBBB0EB05345F508069F908AE290DB759B94DB91
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: df243571f50a38fa1868784450a17c7f6b8ff57fb907259a4febf094eb20b85c
                              • Instruction ID: 217c46bd723f3219f7815ad72942d4ee0b9c54a45a0dfcf2640853a0b5024c72
                              • Opcode Fuzzy Hash: df243571f50a38fa1868784450a17c7f6b8ff57fb907259a4febf094eb20b85c
                              • Instruction Fuzzy Hash: 1C11E964A14208D7EB00DFA4D590BAFB3B5EF5C700F105069D908EB395E77A9E11C7AA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: df243571f50a38fa1868784450a17c7f6b8ff57fb907259a4febf094eb20b85c
                              • Instruction ID: cf2c5b2b0a4701fdffc73a95fd3c21715c78f72163c27d61a73fd0c34b0dae3b
                              • Opcode Fuzzy Hash: df243571f50a38fa1868784450a17c7f6b8ff57fb907259a4febf094eb20b85c
                              • Instruction Fuzzy Hash: DE111964A10208C7EB00CFA4D480BAFB376EF5C700F105169D908EB395E67ADE51C7AA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e2f1484a5e89f92b7548bae6589aecaccf6235fa81f97c2c0215c37c853ae1f6
                              • Instruction ID: 8996d56321af788ecdb48f59df6a7f6deac0e56e76c4d4795bf28b9d59f37b7c
                              • Opcode Fuzzy Hash: e2f1484a5e89f92b7548bae6589aecaccf6235fa81f97c2c0215c37c853ae1f6
                              • Instruction Fuzzy Hash: D3110975D0020DABEB00DFD0DC46BAEBBB8FF04704F104455F914BA190E7B2AB549B91
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dea71471854b7794d7273d518db6e4b972dc62c76027c577b271c860ea424262
                              • Instruction ID: aa05f780bf07b04a9dbad2cba23d858d9fb5007feb3f8ac9aeeac6949bb19c5c
                              • Opcode Fuzzy Hash: dea71471854b7794d7273d518db6e4b972dc62c76027c577b271c860ea424262
                              • Instruction Fuzzy Hash: 07015335980208FBEF11DFA1DD02BDEBB74EB00350F108022BA146E1A0D772DAA0ABC1
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 621178d27eafce4a1d86bdd6d4636c6e0afcccb944ec7a99f9e7a057a9f1ad00
                              • Instruction ID: f86e8bef0b9f5b7b48e3b9b3acc0b6cb1fd06cabc4355fe6e2609782588421e0
                              • Opcode Fuzzy Hash: 621178d27eafce4a1d86bdd6d4636c6e0afcccb944ec7a99f9e7a057a9f1ad00
                              • Instruction Fuzzy Hash: B401EC7594020CBEEF11DF80DC42FEDBB79EB09740F108051FA046D091D7B29AA5AB95
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7397f0f5fb6be8bcaaa4e77a6887201b2645371ef3c2632b50f96f60a1aee293
                              • Instruction ID: e7353d8a689e469959c960a5bb5359493e28a0ae3a5db89d5c895ffd79e8d98e
                              • Opcode Fuzzy Hash: 7397f0f5fb6be8bcaaa4e77a6887201b2645371ef3c2632b50f96f60a1aee293
                              • Instruction Fuzzy Hash: 64F04970D00208FBEB10DF90CC06BADBFB0EB01341F204065F9007A1A0D7B6AB94DB85
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2c87d8e0b7ba56d736c07b047e30089808aeaac69e35d125051550d227842b0d
                              • Instruction ID: cb64788e630b4ad873d1ea12087a13ae9cfee501ac29333e35ff13e1c1cc3e94
                              • Opcode Fuzzy Hash: 2c87d8e0b7ba56d736c07b047e30089808aeaac69e35d125051550d227842b0d
                              • Instruction Fuzzy Hash: 92E0A03360021557EA50A61AE885EDBA75CBFF0328F01582FF950CB281F1E5ECCB82B0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2d443f961325e826377ab455a3b784cc22cadc769fa486d24d41cd9801f717dc
                              • Instruction ID: 682ee749917f4e023bc7197140f76a097522797ecf20c1f45cbbd45c019d52a4
                              • Opcode Fuzzy Hash: 2d443f961325e826377ab455a3b784cc22cadc769fa486d24d41cd9801f717dc
                              • Instruction Fuzzy Hash: 3CF0FE74D44258EBDB14EE90D8057EDBA74E706305F504266EA04AE190D3B18BA4DB96
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ecb5924e4e3bdcad967e1cdb3356951c113b8fef940e0e9a60d022ed0f424e00
                              • Instruction ID: 829335425e3a7e1816cfc27448566c0b6b1c4db227813011935349a404aa7b33
                              • Opcode Fuzzy Hash: ecb5924e4e3bdcad967e1cdb3356951c113b8fef940e0e9a60d022ed0f424e00
                              • Instruction Fuzzy Hash: 42F05EB4A04308EBEB21DF95CD81B9DBBB5EB08300F108195EE046B381E2B61A50AB55
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 19f0f76c576cdd84307bd26bd9b5886d4290dca15e1ac3f3f611f9243f0388a9
                              • Instruction ID: bbfaceb90791bb35eed418166a23c42ee1e6653db07919fbe020635ad9369783
                              • Opcode Fuzzy Hash: 19f0f76c576cdd84307bd26bd9b5886d4290dca15e1ac3f3f611f9243f0388a9
                              • Instruction Fuzzy Hash: B9F03975D00218EBDB00EE90D80ABAEBA78EB15301F100465EA086E190D3B59B54DA96
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 07f80700cc5210cda7409edc569743553da25c12f3afe71f335ab42793a68d5e
                              • Instruction ID: 33dc01a3c2299a3cd355405e5767cb27c6d7fba89f237eed4e622fd5132f0db0
                              • Opcode Fuzzy Hash: 07f80700cc5210cda7409edc569743553da25c12f3afe71f335ab42793a68d5e
                              • Instruction Fuzzy Hash: 5AE08C34D49308B7D610EF40AC87B28BA35E706701F505056FA043A090E7F2AA649A8A
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 13fe8401390d9f71333325ae1b2cb84fa7ba5aa184835648c676b8c7a690914e
                              • Instruction ID: 761fadcd4debd2308a54b226b4f8dff580185d7010702b48f65d1b5b1071df53
                              • Opcode Fuzzy Hash: 13fe8401390d9f71333325ae1b2cb84fa7ba5aa184835648c676b8c7a690914e
                              • Instruction Fuzzy Hash: 66E08C34D45308B7D610EF50EC43B6CBB34E707700F108056FA083A1A0D7B29E60ABCA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 989ed4646566f77c2ab72184739a9137b5d7eae5940c08cbaa9d6fc56a31f36c
                              • Instruction ID: 1fae9ae4253266a87bc96311d46508b5db8f13d56845d8971887a42445dbbd4a
                              • Opcode Fuzzy Hash: 989ed4646566f77c2ab72184739a9137b5d7eae5940c08cbaa9d6fc56a31f36c
                              • Instruction Fuzzy Hash: 7DD05B70D45218F7DA10EF54AC03B39BB34D707761F205261FB143E1D5D6B25920D5DA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4166609f46e1e3870822f18e47ad906b85be3cb121b05c48cc550c3ccd7ee5f7
                              • Instruction ID: bfe7d01ac4a7b9ab78b593469302b4d9a50fe58e37f84242f356d3f51c5313a7
                              • Opcode Fuzzy Hash: 4166609f46e1e3870822f18e47ad906b85be3cb121b05c48cc550c3ccd7ee5f7
                              • Instruction Fuzzy Hash: 04D0C974254B49CFDB01CF15C0E1B81B7A8EB8A758F104171DD419B345D2B8F946CAE2
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e24509eb4154e54e63d34a257df7f67858844c9b410712c520ef3551b56a8a9a
                              • Instruction ID: 2a9e0740773b8b6f5e110bd1e2332ab73de667f723c53b2bed2784798aa44a4a
                              • Opcode Fuzzy Hash: e24509eb4154e54e63d34a257df7f67858844c9b410712c520ef3551b56a8a9a
                              • Instruction Fuzzy Hash: 90B01232125BD44EC1038309C423B11B7ECE300D48F090090D451C7542C14CF610C494
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e24509eb4154e54e63d34a257df7f67858844c9b410712c520ef3551b56a8a9a
                              • Instruction ID: 2a9e0740773b8b6f5e110bd1e2332ab73de667f723c53b2bed2784798aa44a4a
                              • Opcode Fuzzy Hash: e24509eb4154e54e63d34a257df7f67858844c9b410712c520ef3551b56a8a9a
                              • Instruction Fuzzy Hash: 90B01232125BD44EC1038309C423B11B7ECE300D48F090090D451C7542C14CF610C494
                              APIs
                              • GetCursorPos.USER32(?), ref: 0050EFD1
                              • ScreenToClient.USER32(?), ref: 0050EFE0
                              • ImageList_DragMove.COMCTL32(?,00000200), ref: 0050EFEB
                              • ImageList_DragShowNolock.COMCTL32(00000000,?,00000200), ref: 0050EFF2
                              • SendMessageA.USER32(00001111,00000000,?,00000000), ref: 0050F008
                              • SendMessageA.USER32(0000110B,00000008,00000000,00001111), ref: 0050F01F
                              • SendMessageA.USER32(00008075,00000000,00000000,0000110B), ref: 0050F031
                              • ImageList_DragShowNolock.COMCTL32(00000001,00001111,00000000,?,00000000,?,00000200), ref: 0050F038
                              • ImageList_DragLeave.COMCTL32 ref: 0050F05E
                              • ImageList_EndDrag.COMCTL32 ref: 0050F063
                              • ImageList_Destroy.COMCTL32 ref: 0050F06E
                              • SendMessageA.USER32(0000110A,00000008,00000000), ref: 0050F082
                              • SendMessageA.USER32(0000110B,00000009,00000000,0000110A), ref: 0050F095
                              • SendMessageA.USER32(0000110B,00000008,00000000,0000110B), ref: 0050F0A9
                              • ReleaseCapture.USER32 ref: 0050F0AE
                              • SendMessageA.USER32(00001112,00000000,?), ref: 0050F0E1
                              • ImageList_BeginDrag.COMCTL32(00000000,00000000,00000000,00001112,00000000,?), ref: 0050F0F7
                              • ImageList_DragEnter.COMCTL32(?,?,00000000,00000000,00000000,00001112,00000000,?), ref: 0050F108
                              • SetCapture.USER32(FFFFFE69,?,?,00000000,00000000,00000000,00001112,00000000,?), ref: 0050F110
                              • CallWindowProcA.USER32(?,0000004E,?,?), ref: 0050F133
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ImageList_$DragMessageSend$CaptureNolockShow$BeginCallClientCursorDestroyEnterLeaveMoveProcReleaseScreenWindow
                              • String ID: N
                              • API String ID: 3292699315-1130791706
                              • Opcode ID: e50485691100648ca9ef4ba1a43f624da90a8ef4daa8304f659725b6d882e1a8
                              • Instruction ID: 72018a57f2f8fcf41fdce14ebb6c836fd13a79ed1b25acd40ba7adba6906e01c
                              • Opcode Fuzzy Hash: e50485691100648ca9ef4ba1a43f624da90a8ef4daa8304f659725b6d882e1a8
                              • Instruction Fuzzy Hash: 0E416D75981606FAEF22AF91EC1AFAF3F76BF65350F105420B600650E3CBB16964EB40
                              APIs
                                • Part of subcall function 0053FA53: GetWindowLongA.USER32(?,000000F0), ref: 0053FA5F
                              • GetParent.USER32(?), ref: 0053F114
                              • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 0053F137
                              • GetWindowRect.USER32(?,?), ref: 0053F150
                              • GetWindowLongA.USER32(00000000,000000F0), ref: 0053F163
                              • CopyRect.USER32(?,?), ref: 0053F1B0
                              • CopyRect.USER32(?,?), ref: 0053F1BA
                              • GetWindowRect.USER32(00000000,?), ref: 0053F1C3
                              • CopyRect.USER32(?,?), ref: 0053F1DF
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Rect$Window$Copy$Long$MessageParentSend
                              • String ID: ($@
                              • API String ID: 808654186-1311469180
                              • Opcode ID: 67731d11943f2cab8c20225cb2aeda4579443d3693feffc8452dedf60ac904dc
                              • Instruction ID: 7ea828dfd13bc5bc57a5103dcd4536eedd3ef693c487495b2566d8476aa598a0
                              • Opcode Fuzzy Hash: 67731d11943f2cab8c20225cb2aeda4579443d3693feffc8452dedf60ac904dc
                              • Instruction Fuzzy Hash: E2515076D00219ABCB14DBA8DC89EEEBFB9BF89314F154125F515F3290DA30A909DB60
                              APIs
                              • GetModuleHandleA.KERNEL32(USER32,?,?,?,00528D9E), ref: 00528C87
                              • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00528C9F
                              • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00528CB0
                              • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00528CC1
                              • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00528CD2
                              • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00528CE3
                              • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00528CF4
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: AddressProc$HandleModule
                              • String ID: EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                              • API String ID: 667068680-2376520503
                              • Opcode ID: 296bcc5ee0e8cf884f61f9c5024ab05e0550880bac4fba7e8ed97f05bafa8832
                              • Instruction ID: 1c169790a217a9d2f9d56bd359b43ee134ea97e6602945a2d772415094c0b3ce
                              • Opcode Fuzzy Hash: 296bcc5ee0e8cf884f61f9c5024ab05e0550880bac4fba7e8ed97f05bafa8832
                              • Instruction Fuzzy Hash: B811637C90D268AEC3418FAA7CC043EBEE5B75F745394583EE104D29D0DB3055C99BA1
                              APIs
                              • LoadLibraryA.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,00000000,00618E68,00000000), ref: 004C0E64
                              • LoadLibraryA.KERNEL32(?,00000000,00000000,00000000,?,?,005F8D20,?,?,?,?,?,?,00000000,00618E68,00000000), ref: 004C0EA1
                              • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 004C0ED7
                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,00618E68,00000000), ref: 004C0EE2
                              • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,00618E68,00000000), ref: 004C0EF0
                              • LoadTypeLib.OLEAUT32(00000000,00000000), ref: 004C0FFD
                              • RegisterTypeLib.OLEAUT32(00000000,00000000), ref: 004C1032
                              • CLSIDFromString.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00618E68,00000000), ref: 004C10F7
                              • UnRegisterTypeLib.OLEAUT32(?,00000000,00000000,00000000,00000001), ref: 004C1113
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Library$LoadType$FreeRegister$AddressFromProcString
                              • String ID: DllRegisterServer$DllUnregisterServer$X^$X^
                              • API String ID: 2476498075-2578817150
                              • Opcode ID: 7ac4a2e7c1f396aee7430160435fe2de8e98e87e08e2012e17c2afa8df609d33
                              • Instruction ID: 48f1b0588012936bfdd668cb7fce53d069e6fdd6402357225129b9ac8da9d994
                              • Opcode Fuzzy Hash: 7ac4a2e7c1f396aee7430160435fe2de8e98e87e08e2012e17c2afa8df609d33
                              • Instruction Fuzzy Hash: 8BB1D3B590024A9BDB50EFA0C845FEFB7B8EF95304F10851DF815AB281DB789E45CBA1
                              APIs
                                • Part of subcall function 005456A0: TlsGetValue.KERNEL32(00647ADC,?,00000000,00545127,00544A1B,00545143,00540552,005417F4,?,00000000,?,005391FF,00000000,00000000,00000000,00000000), ref: 005456DF
                              • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 00539FEF
                              • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 00539FFB
                              • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 0053A007
                              • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 0053A013
                              • RegisterClipboardFormatA.USER32(commdlg_help), ref: 0053A01F
                              • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 0053A02B
                                • Part of subcall function 0053F910: SetWindowLongA.USER32(?,000000FC,00000000), ref: 0053F93F
                              • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 0053A11E
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ClipboardFormatRegister$LongMessageSendValueWindow
                              • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                              • API String ID: 3913284445-3888057576
                              • Opcode ID: ee33cd11475713090332e9299af7dec1232a9788e65692b1e692409c0824bdcf
                              • Instruction ID: e00ce344254959a2822e9ddcdb687f9addec061fc44f02fbdeedbefa28bc7698
                              • Opcode Fuzzy Hash: ee33cd11475713090332e9299af7dec1232a9788e65692b1e692409c0824bdcf
                              • Instruction Fuzzy Hash: A641C4356042099FCF259F65DC49ABE3FB2FB85750F000566F885971A1DB719C80CBA2
                              APIs
                                • Part of subcall function 0053B7DF: InterlockedDecrement.KERNEL32(-000000F4), ref: 0053B7F3
                              • InternetConnectA.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0050FE8C
                              • InternetCloseHandle.WININET(?), ref: 0051012C
                                • Part of subcall function 0050FCA0: InternetSetOptionA.WININET(00000000,00000026,00000003,0000000C), ref: 0050FCDE
                                • Part of subcall function 0050FCA0: InternetSetOptionA.WININET(?,0000002B,?,?), ref: 0050FCF0
                                • Part of subcall function 0050FCA0: InternetSetOptionA.WININET(?,0000002C,?,?), ref: 0050FCFE
                              • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,?,84000000,00000000), ref: 0050FF3D
                              • HttpSendRequestA.WININET(00000000,Accept: */*,?,00000000,00000000), ref: 0050FFB1
                              • InternetCloseHandle.WININET(00000000), ref: 00510121
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Internet$Option$CloseHandleHttpRequest$ConnectDecrementInterlockedOpenSend
                              • String ID: $Accept: */*$GET$HTTP/1.0
                              • API String ID: 2275469768-4025763747
                              • Opcode ID: 844bbed60ac50ec14381b57e8cda4673af5eae5cce520e53684d72e4db57b571
                              • Instruction ID: 652fdf1790532d611cdc2e00311812b69b094f0874cd0dc5eb8b8d6493916f38
                              • Opcode Fuzzy Hash: 844bbed60ac50ec14381b57e8cda4673af5eae5cce520e53684d72e4db57b571
                              • Instruction Fuzzy Hash: 60D17D7480024AEEEB04EFE4C859BEEBFB8FF99350F10814DE51567281EB745A45CB61
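The WinINet entry above only lists raw argument words, so the security-relevant detail is easy to miss: the subcall at 0050FCA0 passes option 0x26 with a 12-byte buffer, then options 0x2B and 0x2C, and HttpOpenRequestA is called with flags 0x84000000. The script below is an added example, not part of the Joe Sandbox report; it parses the call-trace lines exactly as they appear in this entry (the TRACE string is copied from it) and resolves the numbers against the wininet.h values, which are the only things it assumes beyond the page: option 38 is INTERNET_OPTION_PROXY (12 bytes is the size of a 32-bit INTERNET_PROXY_INFO), 43 and 44 are INTERNET_OPTION_PROXY_USERNAME and INTERNET_OPTION_PROXY_PASSWORD, and 0x84000000 is INTERNET_FLAG_RELOAD | INTERNET_FLAG_NO_CACHE_WRITE. The "?" arguments are values the sandbox did not recover, so the destination host and port are not in this entry and must be taken from the report's network section.

```python
import re
from dataclasses import dataclass

# Call-trace lines copied from the function entry above (the routine that
# calls InternetConnectA at 0050FE8C and its subcall at 0050FCA0).
# "?" marks an argument the sandbox could not recover.
TRACE = """\
InternetConnectA.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0050FE8C
Part of subcall function 0050FCA0: InternetSetOptionA.WININET(00000000,00000026,00000003,0000000C), ref: 0050FCDE
Part of subcall function 0050FCA0: InternetSetOptionA.WININET(?,0000002B,?,?), ref: 0050FCF0
Part of subcall function 0050FCA0: InternetSetOptionA.WININET(?,0000002C,?,?), ref: 0050FCFE
HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,?,84000000,00000000), ref: 0050FF3D
HttpSendRequestA.WININET(00000000,Accept: */*,?,00000000,00000000), ref: 0050FFB1
InternetCloseHandle.WININET(00000000), ref: 00510121
"""

# dwOption values for InternetSetOption, from wininet.h (subset).
INTERNET_OPTIONS = {
    2: "INTERNET_OPTION_CONNECT_TIMEOUT",
    5: "INTERNET_OPTION_SEND_TIMEOUT",
    6: "INTERNET_OPTION_RECEIVE_TIMEOUT",
    28: "INTERNET_OPTION_USERNAME",
    29: "INTERNET_OPTION_PASSWORD",
    31: "INTERNET_OPTION_SECURITY_FLAGS",
    38: "INTERNET_OPTION_PROXY",
    41: "INTERNET_OPTION_USER_AGENT",
    43: "INTERNET_OPTION_PROXY_USERNAME",
    44: "INTERNET_OPTION_PROXY_PASSWORD",
    59: "INTERNET_OPTION_HTTP_VERSION",
}

# dwFlags bits for HttpOpenRequest, from wininet.h (subset, high bit first).
INTERNET_FLAGS = [
    (0x80000000, "INTERNET_FLAG_RELOAD"),
    (0x10000000, "INTERNET_FLAG_ASYNC"),
    (0x04000000, "INTERNET_FLAG_NO_CACHE_WRITE"),
    (0x00800000, "INTERNET_FLAG_SECURE"),
    (0x00400000, "INTERNET_FLAG_KEEP_CONNECTION"),
    (0x00200000, "INTERNET_FLAG_NO_AUTO_REDIRECT"),
    (0x00080000, "INTERNET_FLAG_NO_COOKIES"),
    (0x00040000, "INTERNET_FLAG_NO_AUTH"),
    (0x00002000, "INTERNET_FLAG_IGNORE_CERT_DATE_INVALID"),
    (0x00001000, "INTERNET_FLAG_IGNORE_CERT_CN_INVALID"),
    (0x00000200, "INTERNET_FLAG_NO_UI"),
    (0x00000100, "INTERNET_FLAG_PRAGMA_NOCACHE"),
]

CALL_RE = re.compile(r"(\w+)\.(\w+)\((.*?)\), ref: ([0-9A-Fa-f]+)")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class Call:
    api: str
    module: str
    args: list          # int for recovered 8-hex-digit words, str otherwise
    ref: str
    in_subcall: bool    # line was prefixed with "Part of subcall function"


def parse_trace(text):
    """Turn the report's 'Api.MODULE(args), ref: addr' lines into Call objects."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.search(line)
        if not m:
            continue
        api, module, raw_args, ref = m.groups()
        args = [int(a, 16) if HEX_RE.match(a) else a for a in raw_args.split(",")]
        calls.append(Call(api, module, args, ref, "subcall" in line))
    return calls


def decode_flags(value):
    """Expand a dwFlags word into the INTERNET_FLAG_* names it contains."""
    names = [name for bit, name in INTERNET_FLAGS if value & bit]
    leftover = value & ~sum(bit for bit, _ in INTERNET_FLAGS)
    if leftover:                      # bits not in the table stay visible
        names.append(f"0x{leftover:08X}")
    return names


def decode_option(value):
    return INTERNET_OPTIONS.get(value, f"INTERNET_OPTION_{value}")


def summarize(text):
    """Collect what an analyst wants from one WinINet request sequence."""
    out = {"options": [], "verb": None, "version": None, "flags": [], "headers": None}
    for c in parse_trace(text):
        if c.api == "InternetSetOptionA" and isinstance(c.args[1], int):
            out["options"].append(decode_option(c.args[1]))
        elif c.api == "HttpOpenRequestA":
            out["verb"], out["version"] = c.args[1], c.args[3]
            if isinstance(c.args[6], int):
                out["flags"] = decode_flags(c.args[6])
        elif c.api == "HttpSendRequestA":
            out["headers"] = c.args[1]
    return out


if __name__ == "__main__":
    for key, value in summarize(TRACE).items():
        print(f"{key}: {value}")
```

Run against the copied lines it reports proxy, proxy username and proxy password being set before the connection, a GET over HTTP/1.0 with only an `Accept: */*` header, and a request that bypasses and does not populate the WinINet cache. The same parser works on any "APIs" block in this report; only the option and flag tables are WinINet-specific.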
                              APIs
                              • GetModuleHandleA.KERNEL32(?), ref: 10029652
                              • LoadLibraryA.KERNEL32(?), ref: 1002965F
                              • wsprintfA.USER32 ref: 10029676
                              • MessageBoxA.USER32(00000000,?,DLL ERROR,00000010), ref: 1002968C
                                • Part of subcall function 10027B10: ExitProcess.KERNEL32 ref: 10027B25
                              • atoi.MSVCRT(?), ref: 100296CB
                              • strchr.MSVCRT ref: 10029703
                              • GetProcAddress.KERNEL32(00000000,00000040), ref: 10029721
                              • wsprintfA.USER32 ref: 10029739
                              • MessageBoxA.USER32(00000000,?,DLL ERROR,00000010), ref: 1002974F
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Messagewsprintf$AddressExitHandleLibraryLoadModuleProcProcessatoistrchr
                              • String ID: DLL ERROR
                              • API String ID: 3187504500-4092134112
                              • Opcode ID: 9540223c6458f4f61bd1187778cb6480ee137db95fa86fbff814e5090dc54c7b
                              • Instruction ID: 2d8d4974cead62a1b0d3c1b872151993aa02a2f76add0cb6c4d459240c98e11b
                              • Opcode Fuzzy Hash: 9540223c6458f4f61bd1187778cb6480ee137db95fa86fbff814e5090dc54c7b
                              • Instruction Fuzzy Hash: 7E3139B26003529BE310EF74AC94F9BB7D8EB85340F904929FB09D3241EB75E919C7A5
                              APIs
                              • ??2@YAPAXI@Z.MSVCRT(?,00000698,80000004,00000000,00000000,00000000,?,?,00000000,00000000,?,?,?,?,00000001), ref: 10028E9E
                              • strrchr.MSVCRT ref: 10028EC7
                              • RegOpenKeyA.ADVAPI32(00000000,00000000,?), ref: 10028EE0
                              • ??2@YAPAXI@Z.MSVCRT ref: 10028F03
                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,?,00000400,?,?,?,00000698,80000004,00000000,00000000,00000000), ref: 10028F26
                              • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,00000698,80000004,00000000,00000000,00000000,?,?,00000000,00000000), ref: 10028F34
                              • ??2@YAPAXI@Z.MSVCRT(?,00000000,?,?,?,00000698,80000004,00000000,00000000,00000000,?,?,00000000,00000000), ref: 10028F3E
                              • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,00000698,80000004,00000000,00000000), ref: 10028F5B
                              • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,?,?,?,00000698,80000004,00000000,00000000,00000000,?,?,00000000,00000000), ref: 10028F8A
                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,00000698,80000004,00000000,00000000,00000000,?,?,00000000), ref: 10028F97
                              • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,?,00000698,80000004,00000000,00000000,00000000,?,?,00000000,00000000), ref: 10028F9E
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: ??2@??3@$QueryValue$CloseOpenstrrchr
                              • String ID:
                              • API String ID: 1380196384-0
                              • Opcode ID: e7ace30d2f8466e70a135e9438976f98cc2e8929a4af4227705134379e3db402
                              • Instruction ID: 11253f6a850e8c32f07a3e9f8fa5c0c7ac66a22cffc6c79301f50e11ea2e9c0e
                              • Opcode Fuzzy Hash: e7ace30d2f8466e70a135e9438976f98cc2e8929a4af4227705134379e3db402
                              • Instruction Fuzzy Hash: 304126792003055BE344DA78EC45E2B77D9EFC2660F950A2DF915C3281EE75EE0983A2
                              APIs
                              • VariantInit.OLEAUT32(?), ref: 004AB47B
                              • VariantInit.OLEAUT32(00000000), ref: 004AB4AA
                              • VariantCopyInd.OLEAUT32(00000000), ref: 004AB4B2
                              • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 004AB555
                                • Part of subcall function 004C8E90: HeapAlloc.KERNEL32(009B0000,00000000,00000008,?,?,004AB411,00000008,?), ref: 004C8EA1
                              • VariantCopyInd.OLEAUT32(?), ref: 004AB735
                              • VariantChangeType.OLEAUT32(00000000,?,00000000,?), ref: 004AB750
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Variant$CopyInit$AllocArrayChangeElementHeapSafeType
                              • String ID:
                              • API String ID: 3823512745-0
                              • Opcode ID: 2d7e12335c01e1a16480f362443878472dea35555adfe99588b6d9034deec893
                              • Instruction ID: 2fde2883796f1e23457feab2423eab0f7a229b64d57c6fe61980dc74f6b73175
                              • Opcode Fuzzy Hash: 2d7e12335c01e1a16480f362443878472dea35555adfe99588b6d9034deec893
                              • Instruction Fuzzy Hash: 52D16AB5508341DFC714DF15C840A6ABBE4FF9A314F14892EF88987392E738E945CB96
                              APIs
                              • #17.COMCTL32 ref: 0050EC0F
                              • GetModuleHandleA.KERNEL32(00000000), ref: 0050EC2C
                              • CreateWindowExA.USER32(00000000,Tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0050EC58
                              • GetModuleHandleA.KERNEL32(00000000,?,00000011), ref: 0050ECAA
                              • SendMessageA.USER32(00000404,00000000,006027A8,?), ref: 0050ECCF
                              • SendMessageA.USER32(00000418,00000000,006027A8,00000000), ref: 0050ECE8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: HandleMessageModuleSend$CreateWindow
                              • String ID: C$Tooltips_class32
                              • API String ID: 681453494-3815411238
                              • Opcode ID: 811bb97968954910d1b7cbca1ce2e5a54f415384269136efc43f5b28c008dd69
                              • Instruction ID: 84a869989fee71218358a1a1315d90d386ffad94b4a1ba8c9302b6799d306754
                              • Opcode Fuzzy Hash: 811bb97968954910d1b7cbca1ce2e5a54f415384269136efc43f5b28c008dd69
                              • Instruction Fuzzy Hash: DE21177098130AFEFB219F90AD5AB9E3EB2FF45715F30A819F6002A0E1C7B15A50DB15
                              APIs
                              • GetStockObject.GDI32(00000011), ref: 005416D8
                              • GetStockObject.GDI32(0000000D), ref: 005416E0
                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 005416ED
                              • GetDC.USER32(00000000), ref: 005416FC
                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00541713
                              • MulDiv.KERNEL32(?,00000048,00000000), ref: 0054171F
                              • ReleaseDC.USER32(00000000,00000000), ref: 0054172A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Object$Stock$CapsDeviceRelease
                              • String ID: System
                              • API String ID: 46613423-3470857405
                              • Opcode ID: 08a2777eeba49817e6afb0b99341c7ce51bf89c91126e59099cb25129ca35695
                              • Instruction ID: d1f2ab758e4c334bae3c2b7e8c44ba9155d7c9591d3d9633efebf82a9f1d57ba
                              • Opcode Fuzzy Hash: 08a2777eeba49817e6afb0b99341c7ce51bf89c91126e59099cb25129ca35695
                              • Instruction Fuzzy Hash: 9C118235A41318ABEB109BA1DC49FEE3FB8FB95788F004025FA05E61C0D7709D45DBA4
                              APIs
                              • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0052FA97,?,Microsoft Visual C++ Runtime Library,00012010,?,005E8EEC,?,005E8F3C,?,?,?,Runtime Error!Program: ), ref: 00537187
                              • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0053719F
                              • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 005371B0
                              • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 005371BD
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: AddressProc$LibraryLoad
                              • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                              • API String ID: 2238633743-4044615076
                              • Opcode ID: 33be1eb4e637377951b28226d8b9d29f8754ac7235679b7377d2b97fbca25d05
                              • Instruction ID: bca9dcdaff92248726a793c34333d0384ee0b24b4f0a1876251446c9cf46dc58
                              • Opcode Fuzzy Hash: 33be1eb4e637377951b28226d8b9d29f8754ac7235679b7377d2b97fbca25d05
                              • Instruction Fuzzy Hash: 970184B6A04347AF97219FB69CC095B3FEABB9E751704143BF501C3122DE718802DB60
                              APIs
                              • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,0053F8BA,?,00020000), ref: 0053F5C9
                              • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 0053F5D2
                              • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0053F5E6
                              • #17.COMCTL32 ref: 0053F601
                              • #17.COMCTL32 ref: 0053F61D
                              • FreeLibrary.KERNEL32(00000000), ref: 0053F629
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Library$AddressFreeHandleLoadModuleProc
                              • String ID: COMCTL32.DLL$InitCommonControlsEx
                              • API String ID: 1437655972-4218389149
                              • Opcode ID: e79f320b820c64d2b06a187741b5e3109fcaaad344d7ac8f10b8fbed5f2e1e4c
                              • Instruction ID: fba79ba1a770a62be9c9b4c8147026df534ea601b48b0c8c2340923f27c1f0c3
                              • Opcode Fuzzy Hash: e79f320b820c64d2b06a187741b5e3109fcaaad344d7ac8f10b8fbed5f2e1e4c
                              • Instruction Fuzzy Hash: 25F0283AE062129B87115FB8AD4885F7FACBBE571AF054835F440E3220CB24CC09AB65
                              APIs
                              • CompareStringW.KERNEL32(00000000,00000000,005E917C,00000001,005E917C,00000001,00000000,009511CC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00529ED2), ref: 005379F3
                              • CompareStringA.KERNEL32(00000000,00000000,005E9178,00000001,005E9178,00000001), ref: 00537A10
                              • CompareStringA.KERNEL32(00500C06,00000000,00000000,00000000,00529ED2,00000000,00000000,009511CC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00529ED2), ref: 00537A6E
                              • GetCPInfo.KERNEL32(00000000,00000000,00000000,009511CC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00529ED2,00000000), ref: 00537ABF
                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000), ref: 00537B3E
                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 00537B9F
                              • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 00537BB2
                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 00537BFE
                              • CompareStringW.KERNEL32(00500C06,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00537C16
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ByteCharCompareMultiStringWide$Info
                              • String ID:
                              • API String ID: 1651298574-0
                              • Opcode ID: 96603b5e215d8cd4474424d7cb1561acd6a345ef5c26f086449e1982aafb823d
                              • Instruction ID: 8d43b706e5187ba8663631f5750437f469426e45bf954ed98c32d1aaa0be8c00
                              • Opcode Fuzzy Hash: 96603b5e215d8cd4474424d7cb1561acd6a345ef5c26f086449e1982aafb823d
                              • Instruction Fuzzy Hash: 4E7179B2D0828EAFCF319F949C459EE7FBAFB49310F14442AF951A3161D2318D91DBA0
                              APIs
                              • LCMapStringW.KERNEL32(00000000,00000100,005E917C,00000001,00000000,00000000,7622E860,0064BDA4,?,?,?,0052B51D,?,?,?,00000000), ref: 00532EE6
                              • LCMapStringA.KERNEL32(00000000,00000100,005E9178,00000001,00000000,00000000,?,?,0052B51D,?,?,?,00000000,00000001), ref: 00532F02
                              • LCMapStringA.KERNEL32(?,?,?,0052B51D,?,?,7622E860,0064BDA4,?,?,?,0052B51D,?,?,?,00000000), ref: 00532F4B
                              • MultiByteToWideChar.KERNEL32(?,0064BDA5,?,0052B51D,00000000,00000000,7622E860,0064BDA4,?,?,?,0052B51D,?,?,?,00000000), ref: 00532F83
                              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,0052B51D,?,00000000,?,?,0052B51D,?), ref: 00532FDB
                              • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0052B51D,?), ref: 00532FF1
                              • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,0052B51D,?), ref: 00533024
                              • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,0052B51D,?), ref: 0053308C
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: String$ByteCharMultiWide
                              • String ID:
                              • API String ID: 352835431-0
                              • Opcode ID: 1e1cf5200c4cb37a7a76daa5a0cdefeed18bfbfa5c710c9c83b9a2606c57efaa
                              • Instruction ID: 4bdf2d04b06de71eeec372893373cb3c028239222b78c6d0eae83f8f0e71cfb2
                              • Opcode Fuzzy Hash: 1e1cf5200c4cb37a7a76daa5a0cdefeed18bfbfa5c710c9c83b9a2606c57efaa
                              • Instruction Fuzzy Hash: C5516B32500649BFCF268F94DC49AEE7FB9FB99B54F104119F915A2160D3328E60EB61
                              APIs
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 0052F9E0
                              • GetStdHandle.KERNEL32(000000F4,005E8EEC,00000000,00000000,00000000,?), ref: 0052FAB6
                              • WriteFile.KERNEL32(00000000), ref: 0052FABD
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: File$HandleModuleNameWrite
                              • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                              • API String ID: 3784150691-4022980321
                              • Opcode ID: 35e73b0425d623fb58b9fb63cdc018709dee1fa6819062933107d93820865fcb
                              • Instruction ID: 2fc60b780c1aa8b9ac64c0812e33949576f3a3afb9e1550f382f3b41debe2266
                              • Opcode Fuzzy Hash: 35e73b0425d623fb58b9fb63cdc018709dee1fa6819062933107d93820865fcb
                              • Instruction Fuzzy Hash: 2431D672A00229AFDF20A660EC45FEE3F7EFF86304F140576F589960D1D770A9848B61
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: %I64d$%lf
                              • API String ID: 0-1545097854
                              • Opcode ID: a4c15939d3e60ba9db88d579da1c1132da41a341171e7d735073e2800846d90c
                              • Instruction ID: a68653634a99df22c50c27c61c92b13d05d716d03379e836d9a088690611f418
                              • Opcode Fuzzy Hash: a4c15939d3e60ba9db88d579da1c1132da41a341171e7d735073e2800846d90c
                              • Instruction Fuzzy Hash: 0F516C7A5052424BD738D524BC85AEF73C4EBC0310FE08A2EFA59D21D1DE79DE458392
                              APIs
                              • GetDeviceCaps.GDI32(?,00000058), ref: 004F0098
                              • GetDeviceCaps.GDI32(?,0000005A), ref: 004F00A1
                              • GetDeviceCaps.GDI32(?,0000006E), ref: 004F00B2
                              • GetDeviceCaps.GDI32(?,0000006F), ref: 004F00CF
                              • GetDeviceCaps.GDI32(?,00000070), ref: 004F00E4
                              • GetDeviceCaps.GDI32(?,00000071), ref: 004F00F9
                              • GetDeviceCaps.GDI32(?,00000008), ref: 004F010E
                              • GetDeviceCaps.GDI32(?,0000000A), ref: 004F0123
                                • Part of subcall function 004EFE60: __ftol.LIBCMT ref: 004EFE65
                                • Part of subcall function 004EFE90: __ftol.LIBCMT ref: 004EFE95
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CapsDevice$__ftol
                              • String ID:
                              • API String ID: 1555043975-0
                              • Opcode ID: af0b474607d5c09d41182bb48ee2a941744d1b2d1d3ff9faa9d60353736852d7
                              • Instruction ID: 43e2c31cece28778783089949dae4acec4208bf2090d6b467e6e56c588cb8ace
                              • Opcode Fuzzy Hash: af0b474607d5c09d41182bb48ee2a941744d1b2d1d3ff9faa9d60353736852d7
                              • Instruction Fuzzy Hash: 13515770508740ABD300EF2AC885A6FBBE5FFC9705F01496DF684962A1DB71E9248B96
                              APIs
                              • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0052981D), ref: 0052F3C7
                              • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0052981D), ref: 0052F3DB
                              • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,0052981D), ref: 0052F407
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0052981D), ref: 0052F43F
                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,0052981D), ref: 0052F461
                              • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,0052981D), ref: 0052F47A
                              • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,0052981D), ref: 0052F48D
                              • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0052F4CB
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                              • String ID:
                              • API String ID: 1823725401-0
                              • Opcode ID: e325d9ce42528f41532bd0810cbb9347239dc083fca638a1a47c76f1bdc2c4ac
                              • Instruction ID: 7188050bcdc190fe637d0e65aeb3c33f8c59bd742e908a8fcc6ebfd4bb4e06fe
                              • Opcode Fuzzy Hash: e325d9ce42528f41532bd0810cbb9347239dc083fca638a1a47c76f1bdc2c4ac
                              • Instruction Fuzzy Hash: 2131CF725042356FAF207FB8BC8883B7EACFE9B7587150939F552C3181EAA14C4583E1
                              APIs
                              • GlobalLock.KERNEL32(?), ref: 0054000E
                              • lstrcmpA.KERNEL32(?,?), ref: 0054001A
                              • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 0054002C
                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 0054004F
                              • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00540057
                              • GlobalLock.KERNEL32(00000000), ref: 00540064
                              • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00540071
                              • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 0054008F
                                • Part of subcall function 00542E75: GlobalFlags.KERNEL32(?), ref: 00542E7F
                                • Part of subcall function 00542E75: GlobalUnlock.KERNEL32(?), ref: 00542E96
                                • Part of subcall function 00542E75: GlobalFree.KERNEL32(?), ref: 00542EA1
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                              • String ID:
                              • API String ID: 168474834-0
                              • Opcode ID: d8467a0d00df6498482968977d711dc7ec07c2440475e793caf700b0612207fd
                              • Instruction ID: 09fc155d0ea0f1586be183297c9483088a65fcac814d6cd48496f4b090dabc83
                              • Opcode Fuzzy Hash: d8467a0d00df6498482968977d711dc7ec07c2440475e793caf700b0612207fd
                              • Instruction Fuzzy Hash: 74114875100604BAEF21ABB5CC4EEBFBEADFFCA744F544819F60982062DA719D50A720
                              APIs
                              • VariantInit.OLEAUT32(?), ref: 004AC83A
                              • VariantCopyInd.OLEAUT32(?,?), ref: 004AC84B
                              • VariantClear.OLEAUT32(?), ref: 004ACBEB
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Variant$ClearCopyInit
                              • String ID:
                              • API String ID: 1785138364-0
                              • Opcode ID: 0911939fc32c3647cb65dcca306b7442df1b65127a593b3b5e1237c5830d6ec1
                              • Instruction ID: e2f14d64e1c70b7ef044e5fc55ef952d5acfff7abb78044690579d580affb4d1
                              • Opcode Fuzzy Hash: 0911939fc32c3647cb65dcca306b7442df1b65127a593b3b5e1237c5830d6ec1
                              • Instruction Fuzzy Hash: 15C191B9608201CFD754DF18D5C176BBBE4ABABB00F14442EE9819B350D63AEC45CB6B
                              APIs
                              • CreateFileA.KERNEL32(00000001,80000000,?,0000000C,00000001,00000080,00000000,?,00000000,00000000), ref: 00538435
                              • GetLastError.KERNEL32 ref: 00538441
                              • GetFileType.KERNEL32(00000000), ref: 00538456
                              • CloseHandle.KERNEL32(00000000), ref: 00538461
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: File$CloseCreateErrorHandleLastType
                              • String ID: @$H
                              • API String ID: 1809617866-104103126
                              • Opcode ID: 522ab856cf20a3c594cee9bb366a75db423f2eaef388b5629ef23a0e23320cf5
                              • Instruction ID: 3e58aee7f1ac3d949c6e8b1b599eacbc71dde0447123a1002270ce81272521ae
                              • Opcode Fuzzy Hash: 522ab856cf20a3c594cee9bb366a75db423f2eaef388b5629ef23a0e23320cf5
                              • Instruction Fuzzy Hash: FC81263180470AABEF298B68CC447BE7F60BF01724F284A59F961AB2D1DFB48E448751
                              APIs
                                • Part of subcall function 00545735: __EH_prolog.LIBCMT ref: 0054573A
                                • Part of subcall function 0053FA53: GetWindowLongA.USER32(?,000000F0), ref: 0053FA5F
                              • SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 00543D94
                              • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00543DA3
                              • SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 00543DBC
                              • SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 00543DE4
                              • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00543DF3
                              • SendMessageA.USER32(?,00000198,?,?), ref: 00543E09
                              • PtInRect.USER32(?,000000FF,?), ref: 00543E15
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: MessageSend$H_prologLongRectWindow
                              • String ID:
                              • API String ID: 2846605207-0
                              • Opcode ID: e49d7ef6af9ca43bed43cfdd2ed740674563142bbf2e1866939c0a1b87e3e916
                              • Instruction ID: 98a1fe9ccd97ce1c7b5c05b0649b149ba3cfb4d31b4a92f7e90570113a9e14b4
                              • Opcode Fuzzy Hash: e49d7ef6af9ca43bed43cfdd2ed740674563142bbf2e1866939c0a1b87e3e916
                              • Instruction Fuzzy Hash: 98312770A0120DFFDF10DF94CC81DEEBBB9FB54348B218469E511A72A0D770AE169B10
                              APIs
                              • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 005464AF
                              • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 005464D2
                              • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 005464F1
                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00546501
                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0054650B
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CloseCreate$Open
                              • String ID: software
                              • API String ID: 1740278721-2010147023
                              • Opcode ID: 4211bce848aaed6908aa8115c2dc768d7588eebb42dd952d93833047ee360fd6
                              • Instruction ID: b08a8c641befd000615ea0c42cef3a8797039ba8739ad845c52b72cf99f4b972
                              • Opcode Fuzzy Hash: 4211bce848aaed6908aa8115c2dc768d7588eebb42dd952d93833047ee360fd6
                              • Instruction Fuzzy Hash: F711E676D01159FBCB21DB96DC88DEFFFBCFF86704B1000AAA504A2121D6719A04DBA1
                              APIs
                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00528E3C
                              • GetSystemMetrics.USER32(00000000), ref: 00528E54
                              • GetSystemMetrics.USER32(00000001), ref: 00528E5B
                              • lstrcpyA.KERNEL32(?,DISPLAY), ref: 00528E7F
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: System$Metrics$InfoParameterslstrcpy
                              • String ID: B$DISPLAY
                              • API String ID: 1409579217-3316187204
                              • Opcode ID: 5f6a44f900c2d6668520da929934cb7c83116487d79071808f24e7704d80f9b0
                              • Instruction ID: 494a3857a2ef797382302c39ae154813da38044acf0699acede3e76b9c7c79f0
                              • Opcode Fuzzy Hash: 5f6a44f900c2d6668520da929934cb7c83116487d79071808f24e7704d80f9b0
                              • Instruction Fuzzy Hash: 2111A375A022349BCB119FA4AC84AAF7FACFF1A751B054456FD059E091CBB1D944CBA0
                              APIs
                              • GetStringTypeW.KERNEL32(00000001,005E917C,00000001,?,7622E860,0064BDA4,?,?,0052B51D,?,?,?,00000000,00000001), ref: 005366E7
                              • GetStringTypeA.KERNEL32(00000000,00000001,005E9178,00000001,?,?,0052B51D,?,?,?,00000000,00000001), ref: 00536701
                              • GetStringTypeA.KERNEL32(?,?,?,?,0052B51D,7622E860,0064BDA4,?,?,0052B51D,?,?,?,00000000,00000001), ref: 00536735
                              • MultiByteToWideChar.KERNEL32(?,0064BDA5,?,?,00000000,00000000,7622E860,0064BDA4,?,?,0052B51D,?,?,?,00000000,00000001), ref: 0053676D
                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,0052B51D,?), ref: 005367C3
                              • GetStringTypeW.KERNEL32(?,?,00000000,0052B51D,?,?,?,?,?,?,0052B51D,?), ref: 005367D5
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: StringType$ByteCharMultiWide
                              • String ID:
                              • API String ID: 3852931651-0
                              • Opcode ID: 568151cce9e2c2d2fae7dc7d471c1bd6bfd48ea9c8081073c52ba09bd73e81e5
                              • Instruction ID: dc77b150f07b74984c94779dd56a1bb7ea56e290674d8ee99994f10b32b1ce3d
                              • Opcode Fuzzy Hash: 568151cce9e2c2d2fae7dc7d471c1bd6bfd48ea9c8081073c52ba09bd73e81e5
                              • Instruction Fuzzy Hash: 86418D7660121ABFCF218F94DC85DEE3FB9FB1A758F508829FA12D2250D3318954DBA0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: wsprintf
                              • String ID: - $ - [$%d / %d]$?? / %d]
                              • API String ID: 2111968516-3107364983
                              • Opcode ID: bd5d9496a23f1a06d60c2d59f73274d4f862d7a0bbbb5f72cdcf7ae5ac2b94c8
                              • Instruction ID: 8f0fd9912d2e4a47a27c687242279b2fce6fc68a4cf6bf98fcd89a07f5b45230
                              • Opcode Fuzzy Hash: bd5d9496a23f1a06d60c2d59f73274d4f862d7a0bbbb5f72cdcf7ae5ac2b94c8
                              • Instruction Fuzzy Hash: 0B315A78204701AFD314EB24C896FABBBA5FBC4714F00891DF59A83291DB79E805CB52
                              APIs
                              • TlsGetValue.KERNEL32(00647ADC,00647ACC,00000000,?,00647ADC,?,00545710,00647ACC,00000000,?,00000000,00545127,00544A1B,00545143,00540552,005417F4), ref: 005454B3
                              • EnterCriticalSection.KERNEL32(00647AF8,00000010,?,00647ADC,?,00545710,00647ACC,00000000,?,00000000,00545127,00544A1B,00545143,00540552,005417F4), ref: 00545502
                              • LeaveCriticalSection.KERNEL32(00647AF8,00000000,?,00647ADC,?,00545710,00647ACC,00000000,?,00000000,00545127,00544A1B,00545143,00540552,005417F4), ref: 00545515
                              • LocalAlloc.KERNEL32(00000000,00000004,?,00647ADC,?,00545710,00647ACC,00000000,?,00000000,00545127,00544A1B,00545143,00540552,005417F4), ref: 0054552B
                              • LocalReAlloc.KERNEL32(?,00000004,00000002,?,00647ADC,?,00545710,00647ACC,00000000,?,00000000,00545127,00544A1B,00545143,00540552,005417F4), ref: 0054553D
                              • TlsSetValue.KERNEL32(00647ADC,00000000), ref: 00545579
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: AllocCriticalLocalSectionValue$EnterLeave
                              • String ID:
                              • API String ID: 4117633390-0
                              • Opcode ID: abd2fb899e6e003e53adb0b77ff50a6122bc4dd299d8b32c707ab68ea34b01bb
                              • Instruction ID: 9bc67a3d8a9adc0485514397dfebfcd175b7ac8d3b05b27b9c42d2497b645842
                              • Opcode Fuzzy Hash: abd2fb899e6e003e53adb0b77ff50a6122bc4dd299d8b32c707ab68ea34b01bb
                              • Instruction Fuzzy Hash: D031AE75100A06EFD724CF68C889FE6BBE9FF86318F008519E456C7651EBB0E808DB60
                              APIs
                              • GetParent.USER32(?), ref: 0054342C
                              • GetLastActivePopup.USER32(?), ref: 0054343B
                              • IsWindowEnabled.USER32(?), ref: 00543450
                              • EnableWindow.USER32(?,00000000), ref: 00543463
                              • GetWindowLongA.USER32(?,000000F0), ref: 00543475
                              • GetParent.USER32(?), ref: 00543483
                              Similarity
                              • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                              • String ID:
                              • API String ID: 670545878-0
                              • Opcode ID: 48f8b3e39f2a3583446c8b8d55fb527cb3c00e44c4c49cf62c1c009a18c91c1d
                              • Instruction ID: e4ea96255c5b0b40eb5cc07e99c467c5445453a77e55a8889d7ab8fb099d6e68
                              • Opcode Fuzzy Hash: 48f8b3e39f2a3583446c8b8d55fb527cb3c00e44c4c49cf62c1c009a18c91c1d
                              • Instruction Fuzzy Hash: 4511A3366027215B8F235AAA5C4CBEEBE9CBFA5F59F154128EC00E7224DB10DE0152E1
                              APIs
                              • lstrlenA.KERNEL32(?), ref: 00546583
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001), ref: 005465AA
                              • CLSIDFromString.OLE32(?,?,?,00000001), ref: 005465B4
                              • lstrlenA.KERNEL32(?), ref: 005465C5
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001), ref: 005465EC
                              • CLSIDFromProgID.OLE32(?,?,?,00000001), ref: 005465F6
                              Similarity
                              • API ID: ByteCharFromMultiWidelstrlen$ProgString
                              • String ID:
                              • API String ID: 2475774695-0
                              • Opcode ID: 8da894a95049a1cbe8b54f4fd759aabb7967554f9fe80cc6a87381225ae2393c
                              • Instruction ID: d2f5a748c8f1ccc7372b7e096e0e30cbf44bde6f3a536d2fddf5a04830b0e513
                              • Opcode Fuzzy Hash: 8da894a95049a1cbe8b54f4fd759aabb7967554f9fe80cc6a87381225ae2393c
                              • Instruction Fuzzy Hash: C8110237005206BBDB205B90DC09FEA3F78FFC3769F604020F81686188E7709615D7A2
                              APIs
                              • GetDC.USER32(?), ref: 0050EDE5
                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0050EDF0
                              • MulDiv.KERNEL32(?,00000000,00000048), ref: 0050EDFB
                              • TranslateCharsetInfo.GDI32(?,?,00000002), ref: 0050EE0C
                              • CreateFontA.GDI32(00000000,00000000,00000000,00000000,000002BC,?,?,?,?,00000000,00000000,00000002,00000000,?), ref: 0050EE4D
                              • SendMessageA.USER32(00000030,00000000,00000001), ref: 0050EE60
                              Similarity
                              • API ID: CapsCharsetCreateDeviceFontInfoMessageSendTranslate
                              • String ID:
                              • API String ID: 3104757966-0
                              • Opcode ID: abe0b3275731191ec1dbf16ce16d9665ebf6d052d68f791e97f06f2f3a870534
                              • Instruction ID: e1d6b92412f92b884988001d4cc2413fab23ec0a33e07713b563189d58ce01e8
                              • Opcode Fuzzy Hash: abe0b3275731191ec1dbf16ce16d9665ebf6d052d68f791e97f06f2f3a870534
                              • Instruction Fuzzy Hash: B411D071A41619EAEF219FE0DC0AFAD7E75BF04704F204014BA00790E1D7B569619B44
                              APIs
                              • ClientToScreen.USER32(?,?), ref: 00542D27
                              • GetWindow.USER32(?,00000005), ref: 00542D38
                              • GetDlgCtrlID.USER32(00000000), ref: 00542D41
                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00542D50
                              • GetWindowRect.USER32(00000000,?), ref: 00542D62
                              • PtInRect.USER32(?,?,?), ref: 00542D72
                              Similarity
                              • API ID: Window$Rect$ClientCtrlLongScreen
                              • String ID:
                              • API String ID: 1315500227-0
                              • Opcode ID: 1583908cd5697bc59a2a1272915d4af32010dbb37561838f2239135a5a6e643c
                              • Instruction ID: 918871329cb0c8036ad3c749dba990cc50fbe2fa4a6a31ad8e31d83949b44979
                              • Opcode Fuzzy Hash: 1583908cd5697bc59a2a1272915d4af32010dbb37561838f2239135a5a6e643c
                              • Instruction Fuzzy Hash: AB01A239901126ABDB119B65DC08EEE7F6CFF96719F804120F911D6160E735D9079BA0
                              APIs
                              • SetWindowLongA.USER32(?,000000FC,Function_0010EF99), ref: 0050F167
                              • SendMessageA.USER32(?,00001108,00000000,00000000), ref: 0050F17D
                              • ImageList_Create.COMCTL32(00000010,00000010,00000010,00000002,0000000A,?,00001108,00000000,00000000,?,000000FC,Function_0010EF99,?,?,?), ref: 0050F190
                              • LoadBitmapA.USER32(00000000,00000FA6), ref: 0050F1A1
                              • ImageList_Add.COMCTL32(00000000,?,00001108,00000000,00000000,?,000000FC,Function_0010EF99,?,?,?), ref: 0050F1B9
                              • DeleteObject.GDI32(00000000), ref: 0050F1C4
                              Similarity
                              • API ID: ImageList_$BitmapCreateDeleteLoadLongMessageObjectSendWindow
                              • String ID:
                              • API String ID: 3792727505-0
                              • Opcode ID: ca261b5e34c50d05bbe9f95df54191a4a1d8e8d438071bab9e64b07970dcfd0d
                              • Instruction ID: 0217b1306803c14017661685f2b4327ce28469bba839c45e693e075cea4b299f
                              • Opcode Fuzzy Hash: ca261b5e34c50d05bbe9f95df54191a4a1d8e8d438071bab9e64b07970dcfd0d
                              • Instruction Fuzzy Hash: F70131356C530AFEEB116F52EC1BFAA3E26FF49750F105010BA546C0F2DAB196A0AB40
                              APIs
                              • GetVersionExA.KERNEL32 ref: 0052F7B4
                              • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0052F7E9
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0052F849
                              Strings
                              Similarity
                              • API ID: EnvironmentFileModuleNameVariableVersion
                              • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                              • API String ID: 1385375860-4131005785
                              • Opcode ID: bc62f2605362020934d212d6022fffc782a55a63ba23a0a30d038e0fa7270104
                              • Instruction ID: 6cb2ee1a299981df6b4b5df277d86fa1ee9b450c9d332bbd31c95fcbcbccc758
                              • Opcode Fuzzy Hash: bc62f2605362020934d212d6022fffc782a55a63ba23a0a30d038e0fa7270104
                              • Instruction Fuzzy Hash: 143125728412A96DEB3596707C85AEDBFB8BF03704F2844F9D085D61C2E7319D89CB21
                              APIs
                              • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 0053D9C4
                              • GetWindowLongA.USER32(?,000000FC), ref: 0053D9D5
                              • GetWindowLongA.USER32(?,000000FC), ref: 0053D9E5
                              • SetWindowLongA.USER32(?,000000FC,?), ref: 0053DA01
                              Strings
                              Similarity
                              • API ID: LongWindow$MessageSend
                              • String ID: (
                              • API String ID: 2178440468-3887548279
                              • Opcode ID: 2cfe3238b8818a40959d3c8e0121a8b9c68a05eaf1c4ef677d30002fe162f70b
                              • Instruction ID: f0a13b425fbd7ac8283b6a52cf527654dd279d412c0d7409741b0c939610634a
                              • Opcode Fuzzy Hash: 2cfe3238b8818a40959d3c8e0121a8b9c68a05eaf1c4ef677d30002fe162f70b
                              • Instruction Fuzzy Hash: 8131B032600705AFDB20AF64E849BAABFF4BF89714F114229E54197692DB31E814CFA0
                              APIs
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 00546002
                                • Part of subcall function 005460EE: lstrlenA.KERNEL32(00000104,00000000,?,00546032), ref: 00546125
                              • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 005460A3
                              • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 005460D0
                              Strings
                              Similarity
                              • API ID: FileModuleNamelstrcatlstrcpylstrlen
                              • String ID: .HLP$.INI
                              • API String ID: 2421895198-3011182340
                              • Opcode ID: b9ab0855bc8616f5d02e3a4e791d2879577d0f54cc443e938d35f6e98ff2110a
                              • Instruction ID: 687e4b94143f0229469a32836d23f8e7c27859c761663298433bec36232fa378
                              • Opcode Fuzzy Hash: b9ab0855bc8616f5d02e3a4e791d2879577d0f54cc443e938d35f6e98ff2110a
                              • Instruction Fuzzy Hash: 733172758047199FDB20DBB0DC89BD6BBFCBF45304F10496AE18DD2151DB70A9848B51
                              APIs
                              Strings
                              Similarity
                              • API ID: Global$Size$LockUnlock
                              • String ID: BM
                              • API String ID: 2233901773-2348483157
                              • Opcode ID: e2a0ba57cd03956ab3b0f6c206090df166739ac18712aa58c72e316b86b380b2
                              • Instruction ID: add238dc363626ad9a22bc335a982fc99adca23d471164783a6e688d3cae35e5
                              • Opcode Fuzzy Hash: e2a0ba57cd03956ab3b0f6c206090df166739ac18712aa58c72e316b86b380b2
                              • Instruction Fuzzy Hash: 2921C57AD00218ABC710DFA9D845BDEFFB8FF49724F00466AE81AE3381D77459008BA5
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: wsprintf$ClassInfo
                              • String ID: Afx:%x:%x$Afx:%x:%x:%x:%x:%x
                              • API String ID: 845911565-79760390
                              • Opcode ID: 6852b38b0b7d4ceeed33014555787111aaa39a178761284582840d07ea1843e5
                              • Instruction ID: c54e9308a0144308f13cd277b5f549206668ff5f0f8aaf9c8b3b1c9296e8f619
                              • Opcode Fuzzy Hash: 6852b38b0b7d4ceeed33014555787111aaa39a178761284582840d07ea1843e5
                              • Instruction Fuzzy Hash: 7B212C7190121AAB8F10EFA9D8449DE7FB8FE59744F00402AF904A7201E3308A50EBA5
                              APIs
                              • GetStartupInfoA.KERNEL32(?), ref: 0052F53C
                              • GetFileType.KERNEL32(?,?,00000000), ref: 0052F5E7
                              • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 0052F64A
                              • GetFileType.KERNEL32(00000000,?,00000000), ref: 0052F658
                              • SetHandleCount.KERNEL32 ref: 0052F68F
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: FileHandleType$CountInfoStartup
                              • String ID:
                              • API String ID: 1710529072-0
                              • Opcode ID: 91e795a07b5b035ea97aef92e3ed66f0f996b4d5041f823d67ed68cb0ab660c8
                              • Instruction ID: aa38b3f7f473b74dd9578e07d205b70b6db504442263ce517a9d7b914c7728d0
                              • Opcode Fuzzy Hash: 91e795a07b5b035ea97aef92e3ed66f0f996b4d5041f823d67ed68cb0ab660c8
                              • Instruction Fuzzy Hash: B551D2316006658BCB20CF78F8886697FB1FF53768F295A78D5528B2E1D730E805C750
                              APIs
                              • midiStreamStop.WINMM(00000000,00000000,00618BC4,00000000,004D245A,00000000,00618E68,004C8936,00618E68,?,004C346F,00618E68,004C1426,00000001,00000000,000000FF), ref: 004D2925
                              • midiOutReset.WINMM(00000000,?,004C346F,00618E68,004C1426,00000001,00000000,000000FF), ref: 004D2943
                              • WaitForSingleObject.KERNEL32(00000000,000007D0,?,004C346F,00618E68,004C1426,00000001,00000000,000000FF), ref: 004D2966
                              • midiStreamClose.WINMM(00000000,?,004C346F,00618E68,004C1426,00000001,00000000,000000FF), ref: 004D29A3
                              • midiStreamClose.WINMM(00000000,?,004C346F,00618E68,004C1426,00000001,00000000,000000FF), ref: 004D29D7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: midi$Stream$Close$ObjectResetSingleStopWait
                              • String ID:
                              • API String ID: 3142198506-0
                              • Opcode ID: 1240519049e1bb298670cfcc1a67b0b9cb9128dfd7d59aff94c488aca486be63
                              • Instruction ID: 21064a0116c2da17bad8ed31890fe1e6ab6b92b9ed4cdd16f6a8cefc3114b374
                              • Opcode Fuzzy Hash: 1240519049e1bb298670cfcc1a67b0b9cb9128dfd7d59aff94c488aca486be63
                              • Instruction Fuzzy Hash: B4316EB27007018BCB309FA9D9E455BB7E5FBA4305B208A6FE186C7700C7B8D845DB98
                              APIs
                              • __EH_prolog.LIBCMT ref: 0053DD87
                              • GetClassInfoA.USER32(?,?,?), ref: 0053DDA2
                              • RegisterClassA.USER32(?), ref: 0053DDAD
                              • lstrcatA.KERNEL32(00000034,?,00000001), ref: 0053DDE4
                              • lstrcatA.KERNEL32(00000034,?), ref: 0053DDF2
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Classlstrcat$H_prologInfoRegister
                              • String ID:
                              • API String ID: 106226465-0
                              • Opcode ID: 131a4dfc19a5c4d477ee6c8655a85d6782c26d4670d01910ebe7d696783df574
                              • Instruction ID: f3b4fef672a919bb638cb8c91be1d37b60724ee3fc6d6757b873a34eb7cce387
                              • Opcode Fuzzy Hash: 131a4dfc19a5c4d477ee6c8655a85d6782c26d4670d01910ebe7d696783df574
                              • Instruction Fuzzy Hash: F4112136500205BFDB00AFA49805BDEBFB8FF96308F008959F802A7192D7B0E604CBB1
                              APIs
                              • DragQueryFileA.SHELL32(?,000000FF,?,00000000,00000104,?,?), ref: 0050EEC2
                              • SendMessageA.USER32(00008075,00000000,?,000000FF), ref: 0050EEDF
                              • DragQueryFileA.SHELL32(?,00000000,00602802,00000104,00008075,00000000,?,000000FF,?,00000000,00000104,?,?), ref: 0050EEF4
                              • SendMessageA.USER32(00008075,?,00602802,?), ref: 0050EF0C
                              • DragFinish.SHELL32(?,00008075,?,00602802,?,00000001,00602802,00000104,00008075,?,00602802,?,00000000,00602802,00000104,00008075), ref: 0050EF21
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Drag$FileMessageQuerySend$Finish
                              • String ID:
                              • API String ID: 1356817148-0
                              • Opcode ID: c1907e2b0400107d17c9aad2e55b62492fc7775e1a0ee56f0999d95e08fdb906
                              • Instruction ID: a77db4459facc03d6d4cd0e570f1fc4e22a8f0d08f2e8149c061c2f6a3e6e4de
                              • Opcode Fuzzy Hash: c1907e2b0400107d17c9aad2e55b62492fc7775e1a0ee56f0999d95e08fdb906
                              • Instruction Fuzzy Hash: E50128381C521AFADB516F60AC9AEAA3F26BF14724F20D110BA65181E5CBB15924AA10
                              APIs
                              • GetLastError.KERNEL32(00000103,7FFFFFFF,0052BB12,0052E51C,00000000,?,?,00000000,00000001), ref: 0052F703
                              • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0052F711
                              • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0052F75D
                                • Part of subcall function 0052BF06: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 0052BFFC
                              • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0052F735
                              • GetCurrentThreadId.KERNEL32 ref: 0052F746
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ErrorLastValue$AllocCurrentHeapThread
                              • String ID:
                              • API String ID: 2020098873-0
                              • Opcode ID: 9a58968f8aa98a8dc48b01046d3497070b565617b2ad74d90818cc68bc3769e5
                              • Instruction ID: 9048e8ab25aef57892417a4a5e02fbc72d22827ca5cd50b43b587ce2580eeb7c
                              • Opcode Fuzzy Hash: 9a58968f8aa98a8dc48b01046d3497070b565617b2ad74d90818cc68bc3769e5
                              • Instruction Fuzzy Hash: EEF0903A5022329BD7612B70BD0D69A3F61FF93775B140539FA81E62E2DB608804A7A0
                              APIs
                              • GlobalLock.KERNEL32 ref: 005415BE
                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 00541611
                              • GlobalUnlock.KERNEL32(?), ref: 005416A8
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Global$ByteCharLockMultiUnlockWide
                              • String ID: @
                              • API String ID: 231414890-2766056989
                              • Opcode ID: aa32d082fed59859967f73e3228cfe235ac173e820f1ef712284171755c065ef
                              • Instruction ID: c50c40d5a292f88d71e70f231e440ddbd0c56b5dbb1f872f7b37fb252eca63da
                              • Opcode Fuzzy Hash: aa32d082fed59859967f73e3228cfe235ac173e820f1ef712284171755c065ef
                              • Instruction Fuzzy Hash: B641F33290061AEBCB14DFA4C8859EEBFB4FF41358F158169E8169B284D7309A86CF94
                              APIs
                              • GetMenuCheckMarkDimensions.USER32 ref: 00545BFF
                              • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 00545CAE
                              • LoadBitmapA.USER32(00000000,00007FE3), ref: 00545CC6
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
                              • String ID:
                              • API String ID: 2596413745-3916222277
                              • Opcode ID: ae0503e2269556be34e2f26d59a3c7beb07d937a9dfc98e347f13dececd2001e
                              • Instruction ID: b67c00775160e8c00b2ef40c368885f91d943c2fbfa7e5252b089106b59fdc75
                              • Opcode Fuzzy Hash: ae0503e2269556be34e2f26d59a3c7beb07d937a9dfc98e347f13dececd2001e
                              • Instruction Fuzzy Hash: 33210376E00215AFEB108B789DC5BED7BB9EB85318F1541A6E505EB282D6709A448B80
                              APIs
                              • GetCurrentDirectoryA.KERNEL32(00000104,?,?), ref: 00537098
                                • Part of subcall function 005370FC: GetDriveTypeA.KERNEL32(?,?,0053703E,?,?), ref: 0053711B
                              • GetFullPathNameA.KERNEL32(?,00000104,?,?,?), ref: 00537084
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CurrentDirectoryDriveFullNamePathType
                              • String ID: .$:
                              • API String ID: 3995704478-4202072812
                              • Opcode ID: 6241a7effe45fb02a42c2f88ec8a5062337f04b19ca2674dff36899c1d44b283
                              • Instruction ID: ec055a0e63003280ba0d9e7e9f7df86ee537318daa6440f52085a3935ecd11a3
                              • Opcode Fuzzy Hash: 6241a7effe45fb02a42c2f88ec8a5062337f04b19ca2674dff36899c1d44b283
                              • Instruction Fuzzy Hash: D721C9B160C24EDBEB299F65D889BEA3FA8BF45300F104455F895C7081DBB4D5849E21
                              APIs
                              • InterlockedIncrement.KERNEL32(0064BDA4), ref: 0053855D
                              • InterlockedDecrement.KERNEL32(0064BDA4), ref: 00538574
                                • Part of subcall function 00531FA4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FE1
                                • Part of subcall function 00531FA4: EnterCriticalSection.KERNEL32(?,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FFC
                              • InterlockedDecrement.KERNEL32(0064BDA4), ref: 005385A4
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                              • String ID: a`S
                              • API String ID: 2038102319-566957036
                              • Opcode ID: 5a843d1db5dd3733da8147282db83b21d6aab421749efe299f708e6bb3a1003f
                              • Instruction ID: e72fbf0b5ca77864136a34d9f8fde636214dca959f99ed44cf98b849e60bfd14
                              • Opcode Fuzzy Hash: 5a843d1db5dd3733da8147282db83b21d6aab421749efe299f708e6bb3a1003f
                              • Instruction Fuzzy Hash: B7F0E93690231A7FEF112F94EC85DEB3F98FFD5324F040076F50005050DBB18A159A91
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: H_prolog
                              • String ID: zd$`zd$yd
                              • API String ID: 3519838083-3234465191
                              • Opcode ID: b39413f6daf96c84bd13449ba6711f0b1dae5854232d6cccc00766e77a61cb9b
                              • Instruction ID: 02477f551cfbdb511ae5b3944add1fe1a685df593699f66faae9d087cc22a0f0
                              • Opcode Fuzzy Hash: b39413f6daf96c84bd13449ba6711f0b1dae5854232d6cccc00766e77a61cb9b
                              • Instruction Fuzzy Hash: C9018F32901320CBDB38AF18A6087A9FFB0BB04711F0405AED456936D0CB70AE80CB61
                              APIs
                              • lstrcpyA.KERNEL32(?,rundll32.exe shell32.dll,,?,?), ref: 0050F68C
                              • lstrcatA.KERNEL32(?,00000000,?,rundll32.exe shell32.dll,,?,?), ref: 0050F69B
                              • lstrcatA.KERNEL32(?,00000000,?,00000000,?,rundll32.exe shell32.dll,,?,?), ref: 0050F6AA
                              Strings
                              • rundll32.exe shell32.dll,, xrefs: 0050F680
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: lstrcat$lstrcpy
                              • String ID: rundll32.exe shell32.dll,
                              • API String ID: 2482611188-2498177239
                              • Opcode ID: 1f0022ac193381c474d7c29f0ff58d7fd006a0f528e96721ba40ccb443169184
                              • Instruction ID: 2617edbad3db2737c912f90a7fc7b32795a1eee8061fe9597d45f98670efd29d
                              • Opcode Fuzzy Hash: 1f0022ac193381c474d7c29f0ff58d7fd006a0f528e96721ba40ccb443169184
                              • Instruction Fuzzy Hash: 38F0D43280021BEBCF10AFD0DC45ADDBB7ABF55318F244491A104A71A1DB75AAA5DF84
                              APIs
                              • GetWindowLongA.USER32(00000000,000000F0), ref: 00542CB4
                              • GetClassNameA.USER32(00000000,?,0000000A), ref: 00542CCF
                              • lstrcmpiA.KERNEL32(?,combobox), ref: 00542CDE
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ClassLongNameWindowlstrcmpi
                              • String ID: combobox
                              • API String ID: 2054663530-2240613097
                              • Opcode ID: 26da9138da245270e6c5c840cee1aab6e6489a891ab9002953fcdf390e1864db
                              • Instruction ID: e80b64738fe156ce484046e66762c5dd1483db8c6466ff0e125fdd5a1a571050
                              • Opcode Fuzzy Hash: 26da9138da245270e6c5c840cee1aab6e6489a891ab9002953fcdf390e1864db
                              • Instruction Fuzzy Hash: EFE0ED35644209BBCF009F60DC8AADD3FB8FB11309F108520F417D50E0CA70E9089A60
                              APIs
                              • wsprintfA.USER32 ref: 10027B78
                              • MessageBoxA.USER32(00000000,?,error,00000010), ref: 10027B8F
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: Messagewsprintf
                              • String ID: error$program internal error number is %d. %s
                              • API String ID: 300413163-3752934751
                              • Opcode ID: 9b981b78a64c18401d7889df049e23280723fff9be08447d19cff6f5f57e3dd4
                              • Instruction ID: e1549d366f44cd83cf328da68a9c66535f66093051f9031b2c984319b6cde580
                              • Opcode Fuzzy Hash: 9b981b78a64c18401d7889df049e23280723fff9be08447d19cff6f5f57e3dd4
                              • Instruction Fuzzy Hash: B9E092755002006BE344EBA4ECAAFAA33A8E708701FC0085EF34981180EBB1A9548616
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 79a7ea2843b0da821c5a1fa35c5ee9ed4d0b62fff179f54f808e178f780ba695
                              • Instruction ID: b7b7fa869e336da76f20426b43276fb6e12a26d78b75dbdcbd8cccea920b61b1
                              • Opcode Fuzzy Hash: 79a7ea2843b0da821c5a1fa35c5ee9ed4d0b62fff179f54f808e178f780ba695
                              • Instruction Fuzzy Hash: 3591D371D00525AACF21EB68EC449EE7FB5FF97360F240A16F814B61D2D7319E408BA4
                              APIs
                              • HeapAlloc.KERNEL32(00000000,00002020,0060A210,0060A210,?,?,005341F8,00000000,00000010,00000000,00000009,00000009,?,0052B151,00000010,00000000), ref: 00533D4D
                              • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,005341F8,00000000,00000010,00000000,00000009,00000009,?,0052B151,00000010,00000000), ref: 00533D71
                              • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,005341F8,00000000,00000010,00000000,00000009,00000009,?,0052B151,00000010,00000000), ref: 00533D8B
                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,005341F8,00000000,00000010,00000000,00000009,00000009,?,0052B151,00000010,00000000,?), ref: 00533E4C
                              • HeapFree.KERNEL32(00000000,00000000,?,?,005341F8,00000000,00000010,00000000,00000009,00000009,?,0052B151,00000010,00000000,?,00000000), ref: 00533E63
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: AllocVirtual$FreeHeap
                              • String ID:
                              • API String ID: 714016831-0
                              • Opcode ID: d5ab1b31079c66cdceed97e0e1ad54e340f4d1974d135f1a9cb9e47bfd8e68fa
                              • Instruction ID: 83c52c09a900e9d90de1a3336ef6b8681c4759b1798247ab9bce7ff222fda854
                              • Opcode Fuzzy Hash: d5ab1b31079c66cdceed97e0e1ad54e340f4d1974d135f1a9cb9e47bfd8e68fa
                              • Instruction Fuzzy Hash: 173177B06807029FD3308F28EC40B62BFE5FB95B94F144939E155972D0E7B2AA40DB65
                              APIs
                              • midiStreamOpen.WINMM(00618BE0,00618C08,00000001,004D3880,00618BC4,00030000,00000000,00618BC4,?,00000000), ref: 004D327B
                              • midiStreamProperty.WINMM ref: 004D3362
                              • midiOutPrepareHeader.WINMM(00000000,00000000,00000040,00000001,00000000,00000000,00618BC4,?,00000000), ref: 004D34B0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: midi$Stream$HeaderOpenPrepareProperty
                              • String ID:
                              • API String ID: 2061886437-0
                              • Opcode ID: 36e3e6eaf4652b0ae5c466f88dfba8ca0b7a2a6f46250b3d4cdf11ffc6832f0d
                              • Instruction ID: 0f8a9b40ff80a8caecb51f169ff819f44f179adf2afe3162a225d9cb0f1064a3
                              • Opcode Fuzzy Hash: 36e3e6eaf4652b0ae5c466f88dfba8ca0b7a2a6f46250b3d4cdf11ffc6832f0d
                              • Instruction Fuzzy Hash: 4BA18CB52006058FD724DF29D9A0BAAB7F6FB84304F10492EE686C7750EB35FA19CB41
                              APIs
                              • ReadFile.KERNEL32(000001D0,000001D0,00000000,000001D0,00000000,00000000,00000000,00000000), ref: 0053585A
                              • GetLastError.KERNEL32 ref: 00535864
                              • ReadFile.KERNEL32(?,?,00000001,000001D0,00000000), ref: 0053592A
                              • GetLastError.KERNEL32 ref: 00535934
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ErrorFileLastRead
                              • String ID:
                              • API String ID: 1948546556-0
                              • Opcode ID: 5a135abd776a5f218b82cc4944163d225fa0a88afda069322a47f25cde5cfa31
                              • Instruction ID: b37caed4269187c968bfc7849892a4de4d3a90af6b7dfbfede61610376927247
                              • Opcode Fuzzy Hash: 5a135abd776a5f218b82cc4944163d225fa0a88afda069322a47f25cde5cfa31
                              • Instruction Fuzzy Hash: EB510735604B89DFDF228F58C8847A9BFF0FF16314F146499E8A68B292E370C945CB51
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: DeleteObject$Release
                              • String ID:
                              • API String ID: 2600533906-0
                              • Opcode ID: d54928923b20b56af05671da30eddbe71e2590f2c464a44f721e66a0091daba3
                              • Instruction ID: 487a9785aedb7857a082fa433f58ab41f3e6e561bc971146020a99ceddb424f3
                              • Opcode Fuzzy Hash: d54928923b20b56af05671da30eddbe71e2590f2c464a44f721e66a0091daba3
                              • Instruction Fuzzy Hash: C3517CB1A006449FDB14DF29C484B9A7BE6BF94305F08817AED4DCF30AEB349949CB65
                              APIs
                              • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 005356B7
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: FileWrite
                              • String ID:
                              • API String ID: 3934441357-0
                              • Opcode ID: 9db0df2ee2903f79dbf1bdedb678f96f731a4689bb479eb4b33b285b6c251ff6
                              • Instruction ID: 40a64d3d0e93a9abe62ae31429dab08ff5670208e0383ab84a4079c67b3ccdd3
                              • Opcode Fuzzy Hash: 9db0df2ee2903f79dbf1bdedb678f96f731a4689bb479eb4b33b285b6c251ff6
                              • Instruction Fuzzy Hash: 3751BF71900618EFCF12CF68C985AAD7FF5FF81380F6495A5E8159B261E770DA40DB60
                              APIs
                              • InternetCanonicalizeUrlA.WININET(00000801,?,00000101,?), ref: 0054473A
                              • GetLastError.KERNEL32 ref: 00544740
                              • InternetCanonicalizeUrlA.WININET(00000801,00000000,00000824,?), ref: 00544766
                              • InternetCrackUrlA.WININET(?,00000000,?,-00000009), ref: 0054478C
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Internet$Canonicalize$CrackErrorLast
                              • String ID:
                              • API String ID: 2691905175-0
                              • Opcode ID: 0edc84bed2c370eb239b75811c9b9b551c1c2090fb8859a4a9e77fffa10f77b5
                              • Instruction ID: dab352f426c67be9d1dbd3e9035283d57abf7753cdebfe552e4e9fdfa06a4633
                              • Opcode Fuzzy Hash: 0edc84bed2c370eb239b75811c9b9b551c1c2090fb8859a4a9e77fffa10f77b5
                              • Instruction Fuzzy Hash: 0B413AB55402499FDB118F54D880BEB3FE4FB0A398F118452F81197250DB74EE92DFA0
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID:
                              • String ID: Accept: */*
                              • API String ID: 0-2827933647
                              • Opcode ID: 8e6bac0cef7f163601468e2a5cdfb778ede802ba7945e743f61b8c5447a7cb28
                              • Instruction ID: bef67fb1d209ccce7523b2699743659f95159b820fd5f106c6e3430c2ce5b9b6
                              • Opcode Fuzzy Hash: 8e6bac0cef7f163601468e2a5cdfb778ede802ba7945e743f61b8c5447a7cb28
                              • Instruction Fuzzy Hash: D13101763012058BEF18DF94D888AF6BB98FBA5311F14946EE915CB285DBB1DCC4C7A0
                              APIs
                                • Part of subcall function 00531FA4: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FE1
                                • Part of subcall function 00531FA4: EnterCriticalSection.KERNEL32(?,?,?,0052BFBC,00000009,00000000,00000000,00000001,0052F726,00000001,00000074,?,?,00000000,00000001), ref: 00531FFC
                              • InitializeCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,005383FF,?,00000000,00000000), ref: 0052EC48
                              • EnterCriticalSection.KERNEL32(00000068,00000100,00000080,?,00000000,?,?,005383FF,?,00000000,00000000), ref: 0052EC5D
                              • LeaveCriticalSection.KERNEL32(00000068,?,00000000,?,?,005383FF,?,00000000,00000000), ref: 0052EC6A
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterInitialize$Leave
                              • String ID:
                              • API String ID: 713024617-3916222277
                              • Opcode ID: 64f18df6657aa3b69f1b898717257da06644157ae77f4368f84fd07c618ded30
                              • Instruction ID: 8d0b768101435dfe34ac3f36fc73b432e19479058ab2adf1df436c124b4ed5ae
                              • Opcode Fuzzy Hash: 64f18df6657aa3b69f1b898717257da06644157ae77f4368f84fd07c618ded30
                              • Instruction Fuzzy Hash: FF3112725057118FD3249FA4EC8AB9A7FE0BF82328F248A2DE5615B1D1D7B0EC488721
                              APIs
                              • malloc.MSVCRT ref: 10029FB3
                              • LCMapStringA.KERNEL32(00000804,00400000,?,?,00000000,?,?,?,?,?,000009DC,00000000,?,10028774,00000001,?), ref: 10029FE7
                              • free.MSVCRT ref: 10029FF6
                              • free.MSVCRT ref: 1002A014
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: free$Stringmalloc
                              • String ID:
                              • API String ID: 3576809655-0
                              • Opcode ID: 3d87b46e14f2d497d9d28619afb4a5b0de044c8a0172bd5c8dfa7591265ad328
                              • Instruction ID: fe1f6c240ce4a888f48c4ee73cb5f64fbc811d22bf13276520b53d25543597c8
                              • Opcode Fuzzy Hash: 3d87b46e14f2d497d9d28619afb4a5b0de044c8a0172bd5c8dfa7591265ad328
                              • Instruction Fuzzy Hash: 2311D27A2042042BD348DA78AC45E7BB3D9DBC5265FA0463EF226D22C1EE71ED094365
                              APIs
                                • Part of subcall function 005433F9: GetParent.USER32(?), ref: 0054342C
                                • Part of subcall function 005433F9: GetLastActivePopup.USER32(?), ref: 0054343B
                                • Part of subcall function 005433F9: IsWindowEnabled.USER32(?), ref: 00543450
                                • Part of subcall function 005433F9: EnableWindow.USER32(?,00000000), ref: 00543463
                              • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 005432B7
                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 00543325
                              • MessageBoxA.USER32(00000000,?,?,00000000), ref: 00543333
                              • EnableWindow.USER32(00000000,00000001), ref: 0054334F
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Window$EnableMessage$ActiveEnabledFileLastModuleNameParentPopupSend
                              • String ID:
                              • API String ID: 1958756768-0
                              • Opcode ID: 54bb2094195918d2d1ba464472edf0985e27cb2f179b756e49eec37e04b33a44
                              • Instruction ID: 2146d2ca33157d944cae5323d146696caddf3e5938a4f5fcd70e14892b53ae7d
                              • Opcode Fuzzy Hash: 54bb2094195918d2d1ba464472edf0985e27cb2f179b756e49eec37e04b33a44
                              • Instruction Fuzzy Hash: AD21B476900205AFDB209F94CC86BEDBFB9FB44708F244869E611E71A0DBB19F44DB50
                              APIs
                              • lstrcpynA.KERNEL32(0053FDD0,?,00000104,?,?,?,?,?,?,?,0053FDBE,?), ref: 0053FDFE
                              • GetFileTime.KERNEL32(00000000,0053FDBE,?,?,?,?,?,?,?,?,?,0053FDBE,?), ref: 0053FE1F
                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0053FDBE,?), ref: 0053FE2E
                              • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,0053FDBE,?), ref: 0053FE4F
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: File$AttributesSizeTimelstrcpyn
                              • String ID:
                              • API String ID: 1499663573-0
                              • Opcode ID: fdd86710e271446bc4f26490e0f87c2e615e28c0ec81840c94d441cbb0abeb3b
                              • Instruction ID: b8cc9055a487e830bb1e346992ecfd4ba6eeca12739cbc1e4230e2347cf7e460
                              • Opcode Fuzzy Hash: fdd86710e271446bc4f26490e0f87c2e615e28c0ec81840c94d441cbb0abeb3b
                              • Instruction Fuzzy Hash: 7C316176900205AFC710DFA4CC85E9BBBFCBF55310F10492DE556D75A1E770A988DB90
                              APIs
                              • GetVersion.KERNEL32 ref: 005297AD
                                • Part of subcall function 0052F8DD: HeapCreate.KERNELBASE(00000000,00001000,00000000,005297E5,00000001), ref: 0052F8EE
                                • Part of subcall function 0052F8DD: HeapDestroy.KERNEL32 ref: 0052F92D
                              • GetCommandLineA.KERNEL32 ref: 0052980D
                              • GetStartupInfoA.KERNEL32(?), ref: 00529838
                              • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 0052985B
                                • Part of subcall function 005298B4: ExitProcess.KERNEL32 ref: 005298D1
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                              • String ID:
                              • API String ID: 2057626494-0
                              • Opcode ID: 162b79d198623947d914a3ffce0e8364ca59805b9bb4b13a01321e1b7b38a310
                              • Instruction ID: f482327f0394d380a2830946930bc29ad6a87f565b69c13c424ef0d9a55d4632
                              • Opcode Fuzzy Hash: 162b79d198623947d914a3ffce0e8364ca59805b9bb4b13a01321e1b7b38a310
                              • Instruction Fuzzy Hash: B4216BB1940326AADB08AFA0BC5AA6D7FB9FF87700F144539F9059A2D1DB748800CB60
                              APIs
                              • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000020,00000000,00000000,00000000,80000005), ref: 10028DC8
                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,1002C201,?,0000026C,?,?,?,?,?,?,-00000008,1002C1F9), ref: 10028E07
                              • CloseHandle.KERNEL32(00000000,?,0000026C,?,?,?,?,?,?,-00000008,1002C1F9,00000000), ref: 10028E1A
                              • CloseHandle.KERNEL32(00000000,1002C201,?,0000026C,?,?,?,?,?,?,-00000008,1002C1F9,00000000), ref: 10028E35
                              Memory Dump Source
                              • Source File: 00000000.00000002.3437150810.0000000010000000.00000040.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_10000000_99.jbxd
                              Similarity
                              • API ID: CloseFileHandle$CreateWrite
                              • String ID:
                              • API String ID: 3602564925-0
                              • Opcode ID: f9af3b4438a18f4fcfa420cea5e243ba5770887f090d6cd41c32e5e75a4bd746
                              • Instruction ID: f6076fed0b983a52129b8cb4bf2c1cdfe7202da6017c1e667b93af5c44e6f27f
                              • Opcode Fuzzy Hash: f9af3b4438a18f4fcfa420cea5e243ba5770887f090d6cd41c32e5e75a4bd746
                              • Instruction Fuzzy Hash: 39118E36201301ABE710DF18ECC5F6BB7E8FB84714F550919FA6497290D370E90E8B66
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: wsprintf$lstrcatlstrcpy
                              • String ID:
                              • API String ID: 4031970712-0
                              • Opcode ID: 99a4bf00d0dff6fda8296f78b5e061020bede06566c20e13ad2c841c840e4c73
                              • Instruction ID: 947a5647de11db97b36c00c1502d4bd3c909775d33bb54fe473253ff697999ec
                              • Opcode Fuzzy Hash: 99a4bf00d0dff6fda8296f78b5e061020bede06566c20e13ad2c841c840e4c73
                              • Instruction Fuzzy Hash: 0711517294021DEBCB11DB94DD86FDEB7BCEF18314F1000A1B518E3282D6759B508B95
                              APIs
                              • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 0053BEC8
                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 0053BECE
                              • DuplicateHandle.KERNEL32(00000000), ref: 0053BED1
                              • GetLastError.KERNEL32(00000000), ref: 0053BEEB
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CurrentProcess$DuplicateErrorHandleLast
                              • String ID:
                              • API String ID: 3907606552-0
                              • Opcode ID: c16d73e69ebc692f3198c9844c7eab85d3caae7470317ffc029dd454154670dc
                              • Instruction ID: 74967a20cd1cd0f300b7dcf62c8ec6477457071288b327968e1aa4788a6d2c59
                              • Opcode Fuzzy Hash: c16d73e69ebc692f3198c9844c7eab85d3caae7470317ffc029dd454154670dc
                              • Instruction Fuzzy Hash: CC018479704204ABEB109BE99C4AF9A7FADFF84720F144515BB14CB291EBB0DC00A760
                              APIs
                              • WindowFromPoint.USER32(?,?), ref: 0053A6FD
                              • GetParent.USER32(00000000), ref: 0053A70A
                              • ScreenToClient.USER32(00000000,?), ref: 0053A72B
                              • IsWindowEnabled.USER32(00000000), ref: 0053A744
                                • Part of subcall function 00542CA3: GetWindowLongA.USER32(00000000,000000F0), ref: 00542CB4
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Window$ClientEnabledFromLongParentPointScreen
                              • String ID:
                              • API String ID: 2204725058-0
                              • Opcode ID: 1daeb0eea59c6a1a83bcb4d9289f0aa15f67b689d5b043f039c566e304bbbe50
                              • Instruction ID: b77fc0c545eba6f98d47b715aae5bc0800eb3560743fc15abf1c143436ab1eb8
                              • Opcode Fuzzy Hash: 1daeb0eea59c6a1a83bcb4d9289f0aa15f67b689d5b043f039c566e304bbbe50
                              • Instruction Fuzzy Hash: 34018B3A601910BF8B169B68DC98DAEBFB9FFCA750F144028F945E3210EB30DD0197A1
                              APIs
                              • GetDlgItem.USER32(?,?), ref: 0053E857
                              • GetTopWindow.USER32(00000000), ref: 0053E86A
                              • GetTopWindow.USER32(?), ref: 0053E89A
                              • GetWindow.USER32(00000000,00000002), ref: 0053E8B5
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Window$Item
                              • String ID:
                              • API String ID: 369458955-0
                              • Opcode ID: d9fe98d27fdaff10b5f9671b15f938f051d9df876a2352e6fc13e2441e810bec
                              • Instruction ID: a1290fe9fcb272e89909b5828cb849ea4f2bdbf5e41bf9f2fb17a78a04dd2da9
                              • Opcode Fuzzy Hash: d9fe98d27fdaff10b5f9671b15f938f051d9df876a2352e6fc13e2441e810bec
                              • Instruction Fuzzy Hash: 36018636901227B7EF222FA59C06FAFBFE9BF91750F054021FD14A10D1DB31C9119AA5
                              APIs
                              • GetTopWindow.USER32(?), ref: 0053E8D3
                              • SendMessageA.USER32(00000000,?,?,?), ref: 0053E909
                              • GetTopWindow.USER32(00000000), ref: 0053E916
                              • GetWindow.USER32(00000000,00000002), ref: 0053E934
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Window$MessageSend
                              • String ID:
                              • API String ID: 1496643700-0
                              • Opcode ID: 0d304b3c439dbb4c24c3ec8ad571beb97dfcc09e8fdcd9e48b25af3bf1e4afc3
                              • Instruction ID: 0ea565adb5a888016cfa3dd695c669113ddf4712c0627ae352ced55409490be0
                              • Opcode Fuzzy Hash: 0d304b3c439dbb4c24c3ec8ad571beb97dfcc09e8fdcd9e48b25af3bf1e4afc3
                              • Instruction Fuzzy Hash: AD01E53600211ABBCF526F959C0AEDF7FAABF95750F054010FA14610A5C736C972EBA1
                              APIs
                              • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 00543651
                              • RegCloseKey.ADVAPI32(00000000,?,?), ref: 0054365A
                              • wsprintfA.USER32 ref: 00543676
                              • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0054368F
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ClosePrivateProfileStringValueWritewsprintf
                              • String ID:
                              • API String ID: 1902064621-0
                              • Opcode ID: 9ed0525f4cc5e9496837619a044ac0551d09a631e36887f1ca00b9be9549ca3b
                              • Instruction ID: cb40c551662d52b31ee788ae5cd2ce1a945a905da3fe0ad5a47c7c9a9529335a
                              • Opcode Fuzzy Hash: 9ed0525f4cc5e9496837619a044ac0551d09a631e36887f1ca00b9be9549ca3b
                              • Instruction Fuzzy Hash: 5501A2B640121ABBCB115F68DC09FEE3FA9BF45718F054425FA199A1A1EB70C5249B84
                              APIs
                              • InterlockedExchange.KERNEL32(006482A8,00000001), ref: 00539019
                              • InitializeCriticalSection.KERNEL32(00648290,?,?,?,00538FB0), ref: 00539024
                              • EnterCriticalSection.KERNEL32(00648290,?,?,?,00538FB0), ref: 00539063
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CriticalSection$EnterExchangeInitializeInterlocked
                              • String ID:
                              • API String ID: 3643093385-0
                              • Opcode ID: d0cb9cc136fc6b8b24ef482bcf411563f6304b44b91d7058748249b2a7102598
                              • Instruction ID: 20c944be415756f468d367971d409290e8cb648a8b12bd0710f1165ccfee16ec
                              • Opcode Fuzzy Hash: d0cb9cc136fc6b8b24ef482bcf411563f6304b44b91d7058748249b2a7102598
                              • Instruction Fuzzy Hash: E4F0F6F9344A00EFD7295B59AC8DA6F3F6DFBA2792F200522F241C20A0DFF04840A790
                              APIs
                              • GetObjectA.GDI32(00000000,0000000C,?), ref: 0053EFF2
                              • SetBkColor.GDI32(00000000,00000000), ref: 0053EFFE
                              • GetSysColor.USER32(00000008), ref: 0053F00E
                              • SetTextColor.GDI32(00000000,?), ref: 0053F018
                                • Part of subcall function 00542CA3: GetWindowLongA.USER32(00000000,000000F0), ref: 00542CB4
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: Color$LongObjectTextWindow
                              • String ID:
                              • API String ID: 2871169696-0
                              • Opcode ID: fecd1ecb83e194a9545984815e1f0988136b28a47fde3c2fb5371baaf9916a2c
                              • Instruction ID: 51a1251cdd47d4ca905fa00c0cf56d01b79e66daf307c9cf26be3c7579b5e6b9
                              • Opcode Fuzzy Hash: fecd1ecb83e194a9545984815e1f0988136b28a47fde3c2fb5371baaf9916a2c
                              • Instruction Fuzzy Hash: 7E012435900109BBDB295F68EC4DAAE3FA8FB55308F144530FA02D50E2C771E895EBA1
                              APIs
                              • GetWindowExtEx.GDI32(?,?), ref: 005420ED
                              • GetViewportExtEx.GDI32(?,?), ref: 005420FA
                              • MulDiv.KERNEL32(?,00000000,00000000), ref: 0054211F
                              • MulDiv.KERNEL32(?,00000000,00000000), ref: 0054213A
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ViewportWindow
                              • String ID:
                              • API String ID: 1589084482-0
                              • Opcode ID: df9fa9d49a4565c5ecd93fad859c52ae945db82ff82a4bab6799c9316d90d444
                              • Instruction ID: ca4ec6d7f714568cb0e2beb025f0b49209b56c43c89fc678fc1110797ba45958
                              • Opcode Fuzzy Hash: df9fa9d49a4565c5ecd93fad859c52ae945db82ff82a4bab6799c9316d90d444
                              • Instruction Fuzzy Hash: 5BF01976800119BFEB116FA0ED0A8BEBFBDFF95310710442AF852A2171EB726D51DB60
                              APIs
                              • GetWindowExtEx.GDI32(?,?), ref: 00542156
                              • GetViewportExtEx.GDI32(?,?), ref: 00542163
                              • MulDiv.KERNEL32(?,00000000,00000000), ref: 00542188
                              • MulDiv.KERNEL32(?,00000000,00000000), ref: 005421A3
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: ViewportWindow
                              • String ID:
                              • API String ID: 1589084482-0
                              • Opcode ID: fe14a78b8ed19c35e677ec988163280b0284aa04bd739f0d021bc2a9502a7868
                              • Instruction ID: b8408b2e5833cd475309abc8bf32e9573a9f1442397cf8874ba8358d28b0161f
                              • Opcode Fuzzy Hash: fe14a78b8ed19c35e677ec988163280b0284aa04bd739f0d021bc2a9502a7868
                              • Instruction Fuzzy Hash: F5F01976800119BFEB116FA0ED0A8BEBFBDFF95310710442AF852A2171EB726D51DB60
                              APIs
                              • lstrlenA.KERNEL32(?), ref: 00542D9A
                              • GetWindowTextA.USER32(?,?,00000100), ref: 00542DB6
                              • lstrcmpA.KERNEL32(?,?), ref: 00542DCA
                              • SetWindowTextA.USER32(?,?), ref: 00542DDA
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                               • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                               • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: TextWindow$lstrcmplstrlen
                              • String ID:
                              • API String ID: 330964273-0
                              • Opcode ID: d110d724b9dc19b71c3728966030133a5a65b219185798c48961f7539f5aa257
                              • Instruction ID: 662d3ccef08f23141c0f887fd39f0ba1547acb246cc2cdb2a7c7e858bca27236
                              • Opcode Fuzzy Hash: d110d724b9dc19b71c3728966030133a5a65b219185798c48961f7539f5aa257
                              • Instruction Fuzzy Hash: 64F08C7A401028BBCF226F64DC08ADD7F78FB19398F018021F885E2120D7B0CA99DB90
                              APIs
                              • __startOneArgErrorHandling.LIBCMT ref: 005299E2
                              Strings
                              Similarity
                              • API ID: ErrorHandling__start
                              • String ID: pow
                              • API String ID: 3213639722-2276729525
                              • Opcode ID: ee1f693806e32cba7085a823a11877b28e781152aa73c19149ad10022d41c8de
                              • Instruction ID: 17556976182aa258f6900d2fdb7c1c0dc04e24b76efbc6a8e79ead497a20b5b3
                              • Opcode Fuzzy Hash: ee1f693806e32cba7085a823a11877b28e781152aa73c19149ad10022d41c8de
                              • Instruction Fuzzy Hash: 00513821A0830286CF157718ED613BA6F94FF52710F20AD6CE5D9423E9EB348DD8DB46
                              APIs
                                • Part of subcall function 004C1190: GetCurrentThreadId.KERNEL32 ref: 004C11B5
                                • Part of subcall function 004C1190: IsWindow.USER32(000103CC), ref: 004C11D1
                                • Part of subcall function 004C1190: SendMessageA.USER32(000103CC,000083E7,?,00000000), ref: 004C11EA
                                • Part of subcall function 004C1190: ExitProcess.KERNEL32 ref: 004C11FF
                              • DeleteCriticalSection.KERNEL32(006198E8,?,?,?,?,?,?,?,?,004C889D), ref: 004BD7CA
                                • Part of subcall function 0053D871: __EH_prolog.LIBCMT ref: 0053D876
                              Strings
                              Similarity
                              • API ID: CriticalCurrentDeleteExitH_prologMessageProcessSectionSendThreadWindow
                              • String ID: !$#
                              • API String ID: 2888814780-2504090897
                              • Opcode ID: e8356c5911d630ec19aedf0c0f1e6d8921f38c6f398aca146ea2a419a23c7eae
                              • Instruction ID: f0489b2bfa2f635a8b8feecb7214153e15b64d2f208459429cc4145a83533797
                              • Opcode Fuzzy Hash: e8356c5911d630ec19aedf0c0f1e6d8921f38c6f398aca146ea2a419a23c7eae
                              • Instruction Fuzzy Hash: DB911FB44087828AD315EF75C4547DBBFE4AFA6348F14084DE4DA47293DBB9A248C7B2
                              APIs
                              • GetCPInfo.KERNEL32(?,00000000), ref: 0052EA68
                              Strings
                              Similarity
                              • API ID: Info
                              • String ID: $
                              • API String ID: 1807457897-3032137957
                              • Opcode ID: 85f51a283daecd9888b0e482cb754f440a8d3bc69011b7a86547aec731d82fb5
                              • Instruction ID: 2361e99352e42f174d14cd867506347ffd375d9080265fba082c4395203858c1
                              • Opcode Fuzzy Hash: 85f51a283daecd9888b0e482cb754f440a8d3bc69011b7a86547aec731d82fb5
                              • Instruction Fuzzy Hash: F5413B310042A85EDB168B24EC9BBFA7FAABF03754F1814E5D54BC72D3C3654948DB62
                              APIs
                                • Part of subcall function 0052C6AC: RaiseException.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00529867,00000000), ref: 0052C6DA
                              • __EH_prolog.LIBCMT ref: 00539892
                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 0053997F
                              Strings
                              Similarity
                              • API ID: ExceptionH_prologRaiselstrcpyn
                              • String ID: P_d
                              • API String ID: 2915105959-3825275768
                              • Opcode ID: c0148b0de63c5c766ae7a52bc1da3b1b8f3f763dfc7089de2c2f5206d9c77be5
                              • Instruction ID: bec6a0fc07e305889804415aa3e15c4cb33a0ecd5cfd64fa8e0ec732e230eb62
                              • Opcode Fuzzy Hash: c0148b0de63c5c766ae7a52bc1da3b1b8f3f763dfc7089de2c2f5206d9c77be5
                              • Instruction Fuzzy Hash: 3B4179B1500746DFDB21DF68C885B9BBFE4FF45304F00482EE69A97242DBB4A504CBA1
                              APIs
                              • GetDriveTypeA.KERNEL32(?,?,0053703E,?,?), ref: 0053711B
                              Strings
                              Similarity
                              • API ID: DriveType
                              • String ID: :$\
                              • API String ID: 338552980-1166558509
                              • Opcode ID: f77e4e0a524ce93785d72782dd9f59a8556c27432bd99bf2e84e4aa3c86fd5d1
                              • Instruction ID: 8008557174dd1760a82ed6750e71017d670d7b1d8b7eb4770a194a43c88ca0b5
                              • Opcode Fuzzy Hash: f77e4e0a524ce93785d72782dd9f59a8556c27432bd99bf2e84e4aa3c86fd5d1
                              • Instruction Fuzzy Hash: 05E0487264C28C9DEF118EA4D4447993FDC9B15788F08C055F84CCD141E5B5D645C351
                              APIs
                              Similarity
                              • API ID: wsprintf
                              • String ID:
                              • API String ID: 2111968516-0
                              • Opcode ID: a4e597a82d9ee52d5a60cb829d2da789cd3e4143f04cfc95c6b4b03ed06a2487
                              • Instruction ID: cba9672a086b27b5462c524fa0f6eea2cb56e50452b99a404a11ffdf02079eb4
                              • Opcode Fuzzy Hash: a4e597a82d9ee52d5a60cb829d2da789cd3e4143f04cfc95c6b4b03ed06a2487
                              • Instruction Fuzzy Hash: 5031E4B65053045BC204DF68E849E6BBBE8FFC5754F040A1DF94693281EB75DE08C6A6
                              APIs
                              • EnterCriticalSection.KERNEL32(?), ref: 0054560B
                              • LeaveCriticalSection.KERNEL32(?,?), ref: 0054561B
                              • LocalFree.KERNEL32(?), ref: 00545624
                              • TlsSetValue.KERNEL32(?,00000000), ref: 0054563A
                              Similarity
                              • API ID: CriticalSection$EnterFreeLeaveLocalValue
                              • String ID:
                              • API String ID: 2949335588-0
                              • Opcode ID: 8aded9f5ea8e3b81064c010f6bba173935fc20859f27fe1fa2e7690983323926
                              • Instruction ID: 166823d846dbb334856edf762ff1ae89b69250b2951e75ccdf981fa7d791ab39
                              • Opcode Fuzzy Hash: 8aded9f5ea8e3b81064c010f6bba173935fc20859f27fe1fa2e7690983323926
                              • Instruction Fuzzy Hash: DC217936201A01EFDB25CF58C888BEA7BB5FF86719F108069F5428B1A2D7B1E841DF10
                              APIs
                              • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00533652,00000000,00000000,00000000,0052B0F3,00000000,00000000,?,00000000,00000000,00000000), ref: 005338B2
                              • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00533652,00000000,00000000,00000000,0052B0F3,00000000,00000000,?,00000000,00000000,00000000), ref: 005338E6
                              • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00533900
                              • HeapFree.KERNEL32(00000000,?), ref: 00533917
                              Similarity
                              • API ID: AllocHeap$FreeVirtual
                              • String ID:
                              • API String ID: 3499195154-0
                              • Opcode ID: d4c4b0608eda72aec55e528551bb8dc80b94c3eeede4118ca1eb5713d26d24b4
                              • Instruction ID: dd1a0ceb49c534ed8bff57542ae4076c413af3306ec07ef0a26e4e19b8067f3d
                              • Opcode Fuzzy Hash: d4c4b0608eda72aec55e528551bb8dc80b94c3eeede4118ca1eb5713d26d24b4
                              • Instruction Fuzzy Hash: E6114F39A04201EFC7608F59EC45AA27BB6FF96724B1069AEF161D61B0C3B1D945DF10
                              APIs
                              • EnterCriticalSection.KERNEL32(00647C90,?,00000000,?,?,00545756,00000010,?,00000000,?,?,?,0054513D,005451A0,00544A1B,00545143), ref: 00546425
                              • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,00545756,00000010,?,00000000,?,?,?,0054513D,005451A0,00544A1B,00545143), ref: 00546437
                              • LeaveCriticalSection.KERNEL32(00647C90,?,00000000,?,?,00545756,00000010,?,00000000,?,?,?,0054513D,005451A0,00544A1B,00545143), ref: 00546440
                              • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,00545756,00000010,?,00000000,?,?,?,0054513D,005451A0,00544A1B,00545143,00540552), ref: 00546452
                                • Part of subcall function 00546357: GetVersion.KERNEL32(?,005463FA,?,00545756,00000010,?,00000000,?,?,?,0054513D,005451A0,00544A1B,00545143,00540552,005417F4), ref: 0054636A
                              Similarity
                              • API ID: CriticalSection$Enter$InitializeLeaveVersion
                              • String ID:
                              • API String ID: 1193629340-0
                              • Opcode ID: be7bf44e798f8f5f95f5cab12e311fd337a84e030a0531e589fe7c797591c0c9
                              • Instruction ID: 315ee9572b81fd2b8ffb4f8f567184bcbeac35c1acb3c8de58a2935c823a344d
                              • Opcode Fuzzy Hash: be7bf44e798f8f5f95f5cab12e311fd337a84e030a0531e589fe7c797591c0c9
                              • Instruction Fuzzy Hash: 48F0447950520ADFCF60DF94ECC4A96BBBEFB5331AB002436E24583011D770E459DA61
                              APIs
                              • InitializeCriticalSection.KERNEL32(?,0052F6A0,?,005297F7), ref: 00531F88
                              • InitializeCriticalSection.KERNEL32(?,0052F6A0,?,005297F7), ref: 00531F90
                              • InitializeCriticalSection.KERNEL32(?,0052F6A0,?,005297F7), ref: 00531F98
                              • InitializeCriticalSection.KERNEL32(?,0052F6A0,?,005297F7), ref: 00531FA0
                              Memory Dump Source
                              • Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                              • Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435180881.00000000005F9000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435200925.0000000000602000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435218251.0000000000603000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435236346.0000000000608000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435252552.000000000060A000.00000008.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000060C000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000618000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.0000000000646000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435269095.000000000064B000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_400000_99.jbxd
                              Similarity
                              • API ID: CriticalInitializeSection
                              • String ID:
                              • API String ID: 32694325-0
                              • Opcode ID: b2f4fd70c444dfaf7ddf07ab3bdde15f4cfb88c1b8ac814c3a7599f737ab7c7d
                              • Instruction ID: 1d02cb1ba848432bc77ffa6abc58b10c686f8c12e97687a9bd89d8b8e6af1bb0
                              • Opcode Fuzzy Hash: b2f4fd70c444dfaf7ddf07ab3bdde15f4cfb88c1b8ac814c3a7599f737ab7c7d
                              • Instruction Fuzzy Hash: 99C002368451369ACB512B55FE0594B3F77EB4D3613011062A104910358A611C54EFE0
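The "Memory Dump Source" blocks of the two function entries above list the same fifteen dumped regions of the 99.exe image by their dotted Joe Sandbox identifiers. When triaging an "unpacking" verdict like the one in this report, the first thing to pull out of those identifiers is which regions were executable and which were writable. The parser below is an added example, not part of the Joe Sandbox report or its tooling. It assumes, from the values on this page rather than from any documentation, that the fourth dotted field is the region base (it matches the 0x401000 base named as "Source File"), that the fifth field holds a Win32 PAGE_* protection constant (0x20 on the .text region lines up with PAGE_EXECUTE_READ, 0x02/0x04/0x08 with READONLY/READWRITE/WRITECOPY), and that the seventh field is a MEM_* type (0x01000000, MEM_IMAGE, on every line). It also strips the "Download File" link text the HTML export left fused to the file names.

```python
"""Decode Joe Sandbox "Memory Dump Source" identifiers and flag
executable / writable regions.  Added example; field meanings are an
ASSUMPTION inferred from this report's values (see lead-in)."""
from dataclasses import dataclass

# Win32 memory protection constants (winnt.h).
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPES = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE_MASK = 0x10 | 0x20 | 0x40 | 0x80
WRITABLE_MASK = 0x04 | 0x08 | 0x40 | 0x80


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int        # assumed: 4th dotted field
    protect: int     # assumed: 5th dotted field, PAGE_* value
    mem_type: int    # assumed: 7th dotted field, MEM_* value

    @property
    def protection_name(self) -> str:
        return PAGE_PROTECTIONS.get(self.protect, f"0x{self.protect:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & EXECUTABLE_MASK)

    @property
    def writable(self) -> bool:
        return bool(self.protect & WRITABLE_MASK)


def parse_dump_name(name: str) -> DumpRegion:
    """Split one '<8 dotted fields>.sdmp' identifier into a DumpRegion."""
    stem = name[: -len(".sdmp")] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected dump identifier: {name}")
    return DumpRegion(name, int(fields[3], 16), int(fields[4], 16), int(fields[6], 16))


def extract_dump_names(lines):
    """Pull every *.sdmp token out of report lines, cutting off any text
    fused to it (e.g. 'sdmpDownload File', or the trailing ',' on Source File)."""
    names = []
    for line in lines:
        for token in line.split():
            if ".sdmp" in token:
                names.append(token[: token.index(".sdmp") + len(".sdmp")])
    return names


def parse_report_lines(lines):
    return [parse_dump_name(n) for n in extract_dump_names(lines)]


def triage(regions, image_base: int):
    """Rows sorted by base with RVA, protection, type and a W+X flag; a
    writable-and-executable region is where unpacked code usually lands."""
    return [{
        "base": r.base,
        "rva": r.base - image_base,
        "protection": r.protection_name,
        "type": MEM_TYPES.get(r.mem_type, hex(r.mem_type)),
        "wx": r.executable and r.writable,
    } for r in sorted(regions, key=lambda r: r.base)]


# Constructed sample: a subset of the "Memory Dump Source" lines from the
# report above, copied with the "Download File" residue still attached.
SAMPLE_LINES = [
    "• Source File: 00000000.00000002.3434813036.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true",
    "• Associated: 00000000.00000002.3434766312.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.3435007049.000000000054C000.00000002.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.3435101431.00000000005F5000.00000008.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.3435161295.00000000005F7000.00000004.00000001.01000000.00000003.sdmpDownload File",
    "• Associated: 00000000.00000002.3435370961.000000000064E000.00000002.00000001.01000000.00000003.sdmpDownload File",
]

if __name__ == "__main__":
    for row in triage(parse_report_lines(SAMPLE_LINES), image_base=0x400000):
        print(f"{row['base']:08X}  rva={row['rva']:06X}  {row['protection']:<24}"
              f"{row['type']:<10} {'W+X' if row['wx'] else ''}")
```

Run against the full list on this page the only executable region is the 0x401000 text section and nothing is both writable and executable, so the "creates a PE file in dynamic memory" verdict is not explained by these image dumps alone; the unpacked payload would have to be looked for in the sandbox's other (heap or private) dumps.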