
Windows Analysis Report
DHzscd9uqT.exe

Overview

General Information

Sample name: DHzscd9uqT.exe (renamed because original name is a hash value)
Original sample name: 183c6aa694124103e3896ee7b71175f4a81d9533218617cb80d60d9307b53c90.exe
Analysis ID: 1560416
MD5: af3c0e9cada6c8e34d2c1a9e8b77feba
SHA1: f57a1a856bb437d253edd159466c98e81fa3f1a0
SHA256: 183c6aa694124103e3896ee7b71175f4a81d9533218617cb80d60d9307b53c90
Tags: exe, MenghuNetworkTechnologyBeijingCoLtd, user-JAMESWT_MHT

Detection

STRRAT
Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 35
Range: 0 - 100

Signatures

Yara detected STRRAT
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Java source code contains very large array initializations
Contains functionality to read data from the clipboard
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • DHzscd9uqT.exe (PID: 2012 cmdline: "C:\Users\user\Desktop\DHzscd9uqT.exe" MD5: AF3C0E9CADA6C8E34D2C1A9E8B77FEBA)
    • install.exe (PID: 5812 cmdline: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe MD5: FCA89C62D6EA9F979B3A8D21EE2C4F55)
      • javaw.exe (PID: 1668 cmdline: "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher MD5: 48C96771106DBDD5D42BBA3772E4B414)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: javaw.exe PID: 1668 | JoeSecurity_STRRAT | Yara detected STRRAT | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: Submitted Sample Integrated Neural Analysis Model: Matched 85.4% probability
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe

    Compliance

    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe EXE: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe
    Source: DHzscd9uqT.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
    Source: DHzscd9uqT.exe Static PE information: certificate valid
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.6:49763 version: TLS 1.2
    Source: DHzscd9uqT.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000007.00000002.2415115555.000000006C287000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb9 source: mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000007.00000002.2414061798.000000006B659000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000007.00000002.2415252705.000000006C29D000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000007.00000002.2416836298.000000006EA06000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: javaw.exe, 00000007.00000002.2413425621.000000006B024000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, 00000007.00000002.2381649656.0000000000C1C000.00000002.00000001.01000000.00000006.sdmp, javaw.exe, 00000007.00000000.2301427173.0000000000C1C000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: lcms.dll.0.dr
    Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000007.00000002.2416638455.000000006C6D1000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000007.00000002.2415115555.000000006C287000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
    Source: Binary string: msvcr120.i386.pdb source: javaw.exe, 00000007.00000002.2414849961.000000006C191000.00000020.00000001.01000000.0000000E.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000007.00000002.2415406057.000000006C2BA000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, 00000007.00000002.2414654899.000000006C111000.00000020.00000001.01000000.0000000F.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb source: mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000007.00000002.2413886917.000000006B043000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000007.00000002.2413886917.000000006B043000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^ikdwgk source: javaw.exe, 00000007.00000002.2414061798.000000006B659000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: jawt.dll.0.dr
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe Code function: 0_2_004069FF FindFirstFileW,FindClose, 0_2_004069FF
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe Code function: 0_2_00405DAE CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405DAE
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\

    Networking

    Source: unknown DNS query: name: pastebin.com
    Source: Joe Sandbox View IP Address: 104.20.3.235 104.20.3.235
    Source: Joe Sandbox View JA3 fingerprint: 2db6873021f2a95daa7de0d93a1d1bf2
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: pastebin.com
    Source: javaw.exe, 00000007.00000002.2391259934.00000000050B4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: HTTP://WWW.CHAMBERSIGN.ORG
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/allow-java-encodings:
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodesC
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansionG
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace:
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotationsL
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/include-comments
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/include-comments1
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/namespace-growth
    Source: javaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/namespaces
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd-
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd-A
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refsK
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs:
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformantD
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validate-annotations
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/dynamic
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking55
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default=
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema:
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef3
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef?
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xincludeC
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node7
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name3
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor7
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager:
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler=
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter8
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binderXTransA
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolverD
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table6
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager%
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory5
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtdD
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/locale
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager&
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
    Source: javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypesD
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A636000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://asm.objectweb.org
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A417000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drString found in binary or memory: http://bugreport.sun.com/bugreport/
    Source: javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drString found in binary or memory: http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A41C000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drString found in binary or memory: http://java.oracle.com/
    Source: javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom
    Source: javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom2
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-checkFil
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource;
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
    Source: javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/)
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
    Source: javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/-
    Source: javaw.exe, 00000007.00000002.2398191102.000000000AAAE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd9
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
    Source: javaw.exe, 00000007.00000002.2398191102.000000000AAAE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event/
    Source: fxplugins.dll.0.drString found in binary or memory: http://javafx.com/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A9AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/fxml/1
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A9AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/javafx/8
    Source: fxplugins.dll.0.drString found in binary or memory: http://javafx.com/vp6decoderflvdemux
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
    Source: javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDR
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature#
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp, jfr.jar.0.drString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/featureF
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature-
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/featureB
    Source: DHzscd9uqT.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
    Source: javaw.exe, 00000007.00000003.2357317591.0000000016B00000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000003.2360940202.0000000016B50000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2407021411.0000000016B2F000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2391259934.00000000052DF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://null.sun.com/
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: http://openjdk.java.net/jeps/220).
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000003.2357317591.0000000016B70000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2407021411.0000000016B70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://s2.symcb.com0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://site.com/
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://sv.symcd.com0&
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
    Source: javaw.exe, 00000007.00000002.2391259934.00000000050B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.chambersign.org1
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
    Source: jfr.jar.0.dr | String found in binary or memory: http://www.oracle.com/hotspot/jdk/
    Source: jfr.jar.0.dr | String found in binary or memory: http://www.oracle.com/hotspot/jfr-info/
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp, jfr.jar.0.dr | String found in binary or memory: http://www.oracle.com/hotspot/jvm/
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.oracle.com/hotspot/jvm/java/monitor/address
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/code_sweeper/id
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/compiler/id
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.oracle.com/hotspot/jvm/vm/gc/id
    Source: javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2405654529.0000000016920000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.oracle.com/technetwork/java/javaseproducts/C:
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/is-standalone
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit#
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimitZ.
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager;
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadis.bm
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadis.bm0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadisglobal.com/cps
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr | String found in binary or memory: http://www.symauth.com/cps0(
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr | String found in binary or memory: http://www.symauth.com/rpa00
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.apache.org/xalan
    Source: javaw.exe, 00000007.00000002.2401691014.0000000015287000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xml.apache.org/xpath/features/whitespace-pre-stripping
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000003.2358985541.0000000015A9C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.apache.org/xslt
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/external-general-entities
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/external-parameter-entities8
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/namespaces
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/namespacesC
    Source: javaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AAAE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/string-interning
    Source: javaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/string-interningfeature
    Source: javaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/string-interningr
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/validation
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/features/validation?
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/properties/
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/properties/lexical-handler
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/properties/lexical-handler.
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/properties/xml-string
    Source: javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://xml.org/sax/properties/xml-string?
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr | String found in binary or memory: https://d.symcb.com/cps0%
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.dr | String found in binary or memory: https://d.symcb.com/rpa0
    Source: javaw.exe, 00000007.00000003.2360940202.0000000016B67000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://gist.github.com/maxd/63691840fc372f22f470.
    Source: javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2405654529.0000000016920000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://github.com/TsSaltan/DevelNext-jURL/releases/latest
    Source: javaw.exe, 00000007.00000002.2398191102.000000000A4D7000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://github.com/google/gson
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ocsp.quovadisoffshore.com
    Source: javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://ocsp.quovadisoffshore.com0
    Source: javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2391259934.00000000052DF000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/WhdMR234
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknown | Network traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknown | HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.6:49763 version: TLS 1.2
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00405866 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
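Almost every URL in the string rows above is what a bundled Oracle JRE carries anyway (JAXP limit property names, SAX feature URIs, CA policy and OCSP URLs from embedded certificates); the one row that matters for the "Connects to a pastebin service" signature is the https://pastebin.com/raw/... string, and the single HTTPS session recorded is the TLS 1.2 connection to 104.20.3.235:443. The script below is an added example for this page, not part of the Joe Sandbox report and not code from the sample: it reads rows in the report's own format, separates paste-service URLs from the runtime noise, and pulls the TLS endpoint out of the network rows. The host lists are assumptions chosen for this example, and SAMPLE_ROWS is constructed from rows on this page plus one made-up unknown host.

```python
"""Triage of "String found in binary or memory" and HTTPS rows from a sandbox report.

Added example; not part of the Joe Sandbox report and not code from the analysed
sample. PASTE_HOST_SUFFIXES and BENIGN_HOST_SUFFIXES are assumptions for this
example; SAMPLE_ROWS is constructed from rows shown on the page plus one made-up row.
"""
import re
from urllib.parse import urlparse

PASTE_HOST_SUFFIXES = ("pastebin.com", "paste.ee", "hastebin.com")  # assumption
BENIGN_HOST_SUFFIXES = (  # assumption: JRE, XML-parser and CA hosts seen in the report
    "oracle.com", "xml.apache.org", "xml.org", "chambersign.org",
    "quovadis.bm", "quovadisglobal.com", "quovadisoffshore.com",
    "symauth.com", "symcb.com", "github.com",
)

URL_RE = re.compile(r"String found in binary or memory:\s*(https?://\S+)")
TLS_RE = re.compile(
    r"HTTPS traffic detected:\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*->\s*"
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*version:\s*(\S+(?: \S+)?)"
)


def clean_url(raw: str) -> str:
    """Drop trailing punctuation that memory scrapes glue onto a URL."""
    return raw.rstrip("'\";,.()>#%?")


def host_matches(host: str, suffixes) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def triage(rows):
    """Bucket URLs by host class and collect TLS endpoints from report rows."""
    out = {"paste_urls": [], "benign_urls": [], "unknown_urls": [], "tls_endpoints": []}
    for row in rows:
        m = URL_RE.search(row)
        if m:
            url = clean_url(m.group(1))
            host = (urlparse(url).hostname or "").lower()
            if host_matches(host, PASTE_HOST_SUFFIXES):
                out["paste_urls"].append(url)
            elif host_matches(host, BENIGN_HOST_SUFFIXES):
                out["benign_urls"].append(url)
            else:
                out["unknown_urls"].append(url)
            continue
        m = TLS_RE.search(row)
        if m:
            out["tls_endpoints"].append({
                "remote": f"{m.group(1)}:{m.group(2)}",
                "local": f"{m.group(3)}:{m.group(4)}",
                "version": m.group(5),
            })
    for key in ("paste_urls", "benign_urls", "unknown_urls"):
        out[key] = list(dict.fromkeys(out[key]))  # de-duplicate, keep order
    return out


# Constructed input: rows copied from this page, plus one made-up unknown host.
SAMPLE_ROWS = [
    "Source: javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://pastebin.com/raw/WhdMR234",
    "Source: javaw.exe, 00000007.00000002.2398191102.000000000A4D7000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://github.com/google/gson",
    "Source: javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit",
    "Source: fxplugins.dll.0.dr, java.dll.0.dr | String found in binary or memory: https://d.symcb.com/rpa0",
    "Source: constructed.dr | String found in binary or memory: http://example.invalid/config",  # made-up row
    "Source: unknown | HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.6:49763 version: TLS 1.2",
]

if __name__ == "__main__":
    for key, values in triage(SAMPLE_ROWS).items():
        print(key)
        for v in values:
            print("  ", v)
```

The regexes match on the signature text, so the script works on the fused single-column export as well as on the separated rows; anything that lands in unknown_urls is what deserves a manual look next.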

    System Summary

    Source: charsets.jar.0.dr, sun/nio/cs/ext/IBM964.java | Large array initialization: Encoder: array initializer size 1024
    Source: charsets.jar.0.dr, sun/nio/cs/ext/IBM33722.java | Large array initialization: Encoder: array initializer size 2048
    Source: US_export_policy.jar.0.dr, sun/nio/cs/ext/IBM964.java | Large array initialization: Encoder: array initializer size 1024
    Source: US_export_policy.jar.0.dr, sun/nio/cs/ext/IBM33722.java | Large array initialization: Encoder: array initializer size 2048
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00403665 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00406DC0
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Code function: 6_2_00405D30
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Code function: 6_2_004013B0
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Code function: String function: 00406E10 appears 37 times
    Source: DHzscd9uqT.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: classification engine | Classification label: mal45.troj.winEXE@5/219@1/1
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Code function: 6_2_00401ED0 GetLastError,puts,ShellExecuteA,printf,fclose,MessageBoxA,FormatMessageA,strlen,strcat,LocalFree,fprintf,fprintf,fprintf
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00404B12 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_004021CF CoCreateInstance
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Code function: 6_2_00404740 FindResourceExA,LoadResource,LockResource,fprintf,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,strncpy,strlen,strcat,strncpy,strlen,strcat,FindResourceExA,LoadResource,LockResource,atoi,SetLastError,SetLastError,SetLastError,strcpy,fprintf,FindResourceExA,LoadResource,LockResource,atoi,strcpy,fprintf,fprintf,SetLastError,SetLastError,fprintf
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Mutant created: NULL
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Local\Temp\nsrE6BB.tmp
    Source: DHzscd9uqT.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File read: C:\Users\user\Desktop\DHzscd9uqT.exe
    Source: unknown | Process created: C:\Users\user\Desktop\DHzscd9uqT.exe "C:\Users\user\Desktop\DHzscd9uqT.exe"
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Process created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
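The process chain above is the most reusable detection artefact on this page: the dropper writes a complete JRE and a DevelNext/JPHP application under %APPDATA%\InstallerPDW, starts install.exe from there, and that in turn starts the bundled javaw.exe with a long -classpath of jphp-*.jar and dn-*.jar entries and the org.develnext.jphp.ext.javafx.FXLauncher entry point. The function below is an added example for this page, not part of the Joe Sandbox report and not code from the sample: it scores one Windows process-creation event (parent image, image, command line, as Sysmon event ID 1 or EDR telemetry records it) against those traits. The weights, the "very long option" threshold and the benign comparison event are assumptions for illustration; REPORT_EVENT is copied from the rows above.

```python
"""Scoring rule for the process chain recorded in this report.

Added example; not part of the Joe Sandbox report and not code from the analysed
sample. Weights, LONG_OPTION_THRESHOLD and BENIGN_EVENT are assumptions for
illustration; REPORT_EVENT is the parent -> child pair from the report rows.
"""
import re

# Assumption: only the profile's AppData subtrees count as user-writable here;
# extend with Temp, Downloads, ProgramData etc. for real use.
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(Roaming|Local)\\", re.I)
JAVA_IMAGE_RE = re.compile(r"\\javaw?\.exe$", re.I)
CLASSPATH_RE = re.compile(r'-(?:classpath|cp)\s+"([^"]*)"', re.I)
# jphp-*.jar and dn-*.jar are the DevelNext/JPHP runtime jars listed in the report.
JPHP_JAR_RE = re.compile(r"(?:^|[\\/])(?:jphp-|dn-)[\w.-]*\.jar$", re.I)
MAIN_CLASS = "org.develnext.jphp.ext.javafx.FXLauncher"
LONG_OPTION_THRESHOLD = 256  # assumption: -classpath length treated as "very long"


def score_launch(parent_image: str, image: str, cmdline: str):
    """Return (score, reasons) for one process-creation event."""
    score, reasons = 0, []
    if JAVA_IMAGE_RE.search(image) and USER_WRITABLE_RE.match(image):
        score += 3
        reasons.append("java launcher runs from a user-writable profile path")
    if USER_WRITABLE_RE.match(parent_image):
        score += 1
        reasons.append("parent process also runs from a user-writable profile path")
    m = CLASSPATH_RE.search(cmdline)
    if m:
        classpath = m.group(1)
        jphp_jars = [e for e in classpath.split(";") if JPHP_JAR_RE.search(e)]
        if jphp_jars:
            score += 2
            reasons.append(f"classpath carries {len(jphp_jars)} JPHP/DevelNext jars")
        if len(classpath) > LONG_OPTION_THRESHOLD:
            score += 1
            reasons.append(f"-classpath option is {len(classpath)} characters long")
    if cmdline.rstrip().endswith(MAIN_CLASS):
        score += 2
        reasons.append("entry point is " + MAIN_CLASS)
    return score, reasons


# The chain recorded in this report (parent -> child), copied from the rows above.
REPORT_EVENT = dict(
    parent_image=r"C:\Users\user\AppData\Roaming\InstallerPDW\install.exe",
    image=r"C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe",
    cmdline=(
        r'"C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" '
        r'-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;'
        r'lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;'
        r'lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;'
        r'lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;'
        r'lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;'
        r'lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" '
        r'org.develnext.jphp.ext.javafx.FXLauncher'
    ),
)
# Constructed benign launch for contrast (assumption, not from the report).
BENIGN_EVENT = dict(
    parent_image=r"C:\Windows\explorer.exe",
    image=r"C:\Program Files\Java\jre\bin\javaw.exe",
    cmdline=r'"C:\Program Files\Java\jre\bin\javaw.exe" -jar C:\Tools\app.jar',
)

if __name__ == "__main__":
    for name, event in (("report", REPORT_EVENT), ("benign", BENIGN_EVENT)):
        score, reasons = score_launch(**event)
        print(f"{name}: score={score}")
        for reason in reasons:
            print("  -", reason)
```

Java itself running from a user profile is not rare (many legitimate installers bundle a JRE), which is why the path check alone carries a low weight and the JPHP classpath plus the FXLauncher entry point carry the rest; the same scoring shape transfers to a Sigma or EDR rule once the thresholds are tuned on your own telemetry.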
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: dwmapi.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: oleacc.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: shfolder.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: acgenral.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: winmm.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: samcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: msacm32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: version.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: mpr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: aclayers.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: sfc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: acgenral.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: winmm.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: samcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: msacm32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: version.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: userenv.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: urlmon.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: mpr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: winmmbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: iertutil.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: srvcli.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: netutils.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: aclayers.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: sfc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: sfc_os.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: wldp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: profapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dpapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dhcpcsvc6.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dhcpcsvc.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: d3d9.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: d3d10warp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: resourcepolicyclient.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dxcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dwrite.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: windowscodecs.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dataexchange.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: d3d11.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dcomp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: dxgi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: twinapi.appcore.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: textinputframework.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: coreuicomponents.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: coremessaging.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: coremessaging.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: wintypes.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: napinsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: pnrpnsp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: wshbth.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: nlaapi.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: winrnr.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: DHzscd9uqT.exe | Static PE information: certificate valid
    Source: DHzscd9uqT.exe | Static file information: File size 46513496 > 1048576
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: DHzscd9uqT.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000007.00000002.2415115555.000000006C287000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb9 source: mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000007.00000002.2414061798.000000006B659000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000007.00000002.2415252705.000000006C29D000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000007.00000002.2416836298.000000006EA06000.00000002.00000001.01000000.00000009.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: javaw.exe, 00000007.00000002.2413425621.000000006B024000.00000002.00000001.01000000.00000018.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, 00000007.00000002.2381649656.0000000000C1C000.00000002.00000001.01000000.00000006.sdmp, javaw.exe, 00000007.00000000.2301427173.0000000000C1C000.00000002.00000001.01000000.00000006.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: lcms.dll.0.dr
    Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp
    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000007.00000002.2416638455.000000006C6D1000.00000020.00000001.01000000.00000007.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000007.00000002.2415115555.000000006C287000.00000002.00000001.01000000.0000000D.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: orbd.exe.0.dr
    Source: Binary string: msvcr120.i386.pdb source: javaw.exe, 00000007.00000002.2414849961.000000006C191000.00000020.00000001.01000000.0000000E.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000007.00000002.2415406057.000000006C2BA000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, 00000007.00000002.2414654899.000000006C111000.00000020.00000001.01000000.0000000F.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb source: mlib_image.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000007.00000002.2413886917.000000006B043000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000007.00000002.2413886917.000000006B043000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^ikdwgk source: javaw.exe, 00000007.00000002.2414061798.000000006B659000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: jawt.dll.0.dr
    Source: jfxwebkit.dll.0.dr | Static PE information: section name: .unwante
    Source: prism_sw.dll.0.dr | Static PE information: section name: _RDATA
    Source: msvcr100.dll.0.dr | Static PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr100.dll0.0.dr | Static PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr120.dll.0.dr | Static PE information: section name: .text entropy: 6.95576372950548
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_sw.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssv.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\zip.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunmscapi.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\wsdetect.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\verify.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_d3d.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunec.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cpl
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_sw.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssv.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\zip.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunmscapi.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\wsdetect.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\verify.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_d3d.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunec.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exeJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cplJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00402930 FindFirstFileW | 0_2_00402930
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_004069FF FindFirstFileW,FindClose | 0_2_004069FF
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00405DAE CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 0_2_00405DAE
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\AppData\Roaming\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | File opened: C:\Users\user\AppData\
    Source: javaw.exe, 00000007.00000003.2302311131.0000000015264000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp, classlist.0.dr | Binary or memory string: java/lang/VirtualMachineError
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | Binary or memory string: Unable to link/verify VirtualMachineError class
    Source: javaw.exe, 00000007.00000003.2302311131.0000000015264000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
    Source: javaw.exe, 00000007.00000002.2389431807.0000000002B20000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: cjava/lang/VirtualMachineError
    Source: javaw.exe, 00000007.00000002.2389431807.0000000002B20000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: t[Ljava/lang/VirtualMachineError;
    Source: javaw.exe, 00000007.00000003.2302311131.0000000015264000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
    Source: javaw.exe, 00000007.00000003.2302311131.0000000015264000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError.classPK
    Source: javaw.exe, 00000007.00000002.2389431807.0000000002B20000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: lVirtualMachineError.java
    Source: javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | Binary or memory string: :l{constant pool}code cache C-heap hand metaspace chunks dict zone strs syms heap threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool()) failedvtable restored by this call<pseudo-string> cache=0x%08x (extra) for /operands[%d]/preresolutionconstant pool [%d]A constant pool lockC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\constantPool.cppguarantee(!ConstantPool::is_invokedynamic_index(which)) failedan invokedynamic instruction does not have a klassRESOLVE %s %s
    Source: javaw.exe, 00000007.00000002.2384525821.000000000111B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | API call chain: ExitProcess graph end node | graph_0-3606
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Code function: 6_2_00401150 SetUnhandledExceptionFilter,__getmainargs,_iob,_iob,_setmode,_iob,_iob,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess | 6_2_00401150
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Memory protected: page read and write | page guard
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "c:\users\user\appdata\roaming\installerpdw\jre\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "c:\users\user\appdata\roaming\installerpdw\jre\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
    Source: C:\Users\user\Desktop\DHzscd9uqT.exe | Code function: 0_2_00403665 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess | 0_2_00403665
    Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: javaw.exe PID: 1668, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: javaw.exe PID: 1668, type: MEMORYSTR
    MITRE ATT&CK Matrix (number in parentheses: matching signatures)

    Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology
    Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising
    Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application
    Execution: Command and Scripting Interpreter (1), Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter
    Persistence: DLL Side-Loading (1), DLL Search Order Hijacking (1), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
    Privilege Escalation: Access Token Manipulation (1), Process Injection (11), DLL Side-Loading (1), DLL Search Order Hijacking (1), Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At
    Defense Evasion: Masquerading (11), Disable or Modify Tools (1), Access Token Manipulation (1), Process Injection (11), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), Software Packing (1), DLL Side-Loading (1), DLL Search Order Hijacking (1)
    Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow
    Discovery: Security Software Discovery (1), File and Directory Discovery (3), System Information Discovery (4), System Network Configuration Discovery, Internet Connection Discovery, Wi-Fi Discovery, Remote System Discovery, System Owner/User Discovery, Network Sniffing
    Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections
    Collection: Archive Collected Data (1), Clipboard Data (1), Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking, Data Staged
    Command and Control: Web Service (1), Encrypted Channel (12), Non-Application Layer Protocol (1), Application Layer Protocol (2), Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols
    Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1), Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement
    Source | Detection | Scanner | Label | Link
    DHzscd9uqT.exe | 5% | ReversingLabs
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\InstallerPDW\install.exe | 3% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cpl | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe | 0% | ReversingLabs
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://javax.xml.XMLConstants/property/accessExternalSchemaD | 0% | Avira URL Cloud | safe
    http://xml.org/sax/features/string-interningr | 0% | Avira URL Cloud | safe
    http://javax.xml.transform.sax.SAXResult/feature# | 0% | Avira URL Cloud | safe
    http://javax.xml.XMLConstants/property/accessExternalDTDR | 0% | Avira URL Cloud | safe
    http://www.certplus.com/CRL/class3P.crl | 0% | Avira URL Cloud | safe
    http://xml.org/sax/features/validation? | 0% | Avira URL Cloud | safe
    HTTP://WWW.CHAMBERSIGN.ORG | 0% | Avira URL Cloud | safe
    http://www.certplus.com/CRL/class2.crl | 0% | Avira URL Cloud | safe
    http://asm.objectweb.org | 0% | Avira URL Cloud | safe
    http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl | 0% | Avira URL Cloud | safe
    http://xml.org/sax/properties/xml-string? | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    pastebin.com | 104.20.3.235 | true | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    http://javafx.com/fxml/1 | javaw.exe, 00000007.00000002.2398191102.000000000A9AB000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://javax.xml.XMLConstants/property/accessExternalDTDR | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    http://apache.org/xml/features/validation/schema/augment-psvi | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/standard-uri-conformantD | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/properties/input-buffer-size | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.chambersign.org1 | javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://repository.swisssign.com/0 | javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | false | | high
    HTTP://WWW.CHAMBERSIGN.ORG | javaw.exe, 00000007.00000002.2391259934.00000000050B4000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    http://apache.org/xml/properties/internal/entity-manager | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/internal/parser-settings | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/dom/include-ignorable-whitespace | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://java.sun.com/xml/dom/properties/ | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/properties/internal/stax-entity-resolver | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://www.oracle.com/hotspot/jvm/vm/compiler/id | javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | false | | high
    http://apache.org/xml/features/xinclude/fixup-base-uris | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/properties/internal/error-reporter | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/validation/schema: | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://gist.github.com/maxd/63691840fc372f22f470. | javaw.exe, 00000007.00000003.2360940202.0000000016B67000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.oracle.com/hotspot/jvm/java/monitor/address | javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp | false | | high
    http://apache.org/xml/features/include-comments | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/scanner/notify-char-refs | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://javax.xml.transform.sax.SAXResult/feature# | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    http://apache.org/xml/properties/internal/symbol-table6 | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3 | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://policy.camerfirma.com0 | javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000003.2357317591.0000000016B70000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2407021411.0000000016B70000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/properties/dom/current-element-node7 | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://java.sun.com/xml/stream/properties/ignore-external-dtd | javaw.exe, 00000007.00000002.2398191102.000000000AAAE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://java.sun.com/xml/stream/properties/ignore-external-dtd9 | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/continue-after-fatal-error | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/scanner/notify-builtin-refsK | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/features/standard-uri-conformant | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://apache.org/xml/properties/internal/document-scanner | javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | | high
    http://www.oracle.com/hotspot/jdk/ | jfr.jar.0.dr | false | | high
    http://www.certplus.com/CRL/class2.crl | javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp | false
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://apache.org/xml/features/nonvalidating/load-external-dtd-Ajavaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://bugreport.sun.com/bugreport/javaw.exe, 00000007.00000002.2398191102.000000000A417000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drfalse
                                                                        high
                                                                        http://xml.org/sax/features/string-interningrjavaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        http://java.oracle.com/javaw.exe, 00000007.00000002.2398191102.000000000A41C000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2415536306.000000006C2E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.drfalse
                                                                          high
                                                                          http://apache.org/xml/features/javaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://apache.org/xml/features/generate-synthetic-annotationsjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.oracle.com/technetwork/java/javaseproducts/C:javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                high
                                                                                http://www.symauth.com/cps0(fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drfalse
                                                                                  high
                                                                                  http://xml.org/sax/features/allow-dtd-events-after-endDTDjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://cps.chambersign.org/cps/chambersroot.htmljavaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.certplus.com/CRL/class3P.crljavaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://java.sun.com/xml/stream/properties/-javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlyjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://xml.org/sax/features/string-interningfeaturejavaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://crl.securetrust.com/STCA.crljavaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://apache.org/xml/properties/internal/namespace-binderjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.oracle.com/hotspot/jvm/vm/gc/idjavaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                  high
                                                                                                  http://www.symauth.com/rpa00fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drfalse
                                                                                                    high
                                                                                                    http://www.oracle.com/xml/is-standalonejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://javax.xml.transform.sax.SAXTransformerFactory/featurejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp, jfr.jar.0.drfalse
                                                                                                        high
                                                                                                        http://javafx.com/vp6decoderflvdemuxfxplugins.dll.0.drfalse
                                                                                                          high
                                                                                                          http://javax.xml.XMLConstants/property/accessExternalStylesheetjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://xml.org/sax/features/validation?javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://apache.org/xml/properties/security-managerjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.oracle.com/technetwork/java/javaseproducts/javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                high
                                                                                                                http://java.sun.com/xml/dom/properties/ancestor-checkjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://xml.apache.org/xsltjavaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000003.2358985541.0000000015A9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.oracle.com/hotspot/jvm/javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmp, jfr.jar.0.drfalse
                                                                                                                      high
                                                                                                                      http://javax.xml.transform.stax.StAXResult/featurejavaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://asm.objectweb.orgjavaw.exe, 00000007.00000002.2398191102.000000000A636000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://apache.org/xml/features/dom/include-ignorable-whitespace:javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://apache.org/xml/features/namespacesjavaw.exe, 00000007.00000003.2358985541.0000000015A44000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://apache.org/xml/properties/security-manager&javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://apache.org/xml/features/xincludejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://apache.org/xml/features/validation/schema-full-checkingjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://javax.xml.XMLConstants/property/javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://openjdk.java.net/jeps/220).javaw.exe, 00000007.00000002.2416067469.000000006C5C1000.00000002.00000001.01000000.00000008.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://apache.org/xml/properties/internal/grammar-pooljavaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://apache.org/xml/properties/localejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://javax.xml.XMLConstants/property/accessExternalSchemaDjavaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://java.sun.com/xml/stream/properties/reader-in-defined-statejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://crl.thawte.com/ThawteTimestampingCA.crl0fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, t2k.dll.0.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, jawt.dll.0.dr, orbd.exe.0.dr, mlib_image.dll.0.drfalse
                                                                                                                                              high
                                                                                                                                              http://www.quovadisglobal.com/cps0javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AE3E000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crljavaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://apache.org/xml/features/allow-java-encodingsjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://apache.org/xml/properties/internal/validator/dtdDjavaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.oracle.com/feature/use-service-mechanismjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://javax.xml.XMLConstants/property/accessExternalDTDjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://apache.org/xml/features/validation/warn-on-undeclared-elemdef3javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://apache.org/xml/xmlschema/1.0/anonymousTypesjavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2402840749.00000000159B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://apache.org/xml/features/validation/schema/normalized-valuejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://apache.org/xml/features/xinclude/fixup-languagejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://javax.xml.transform.dom.DOMSource/featurejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://java.sun.com/xml/stream/properties/report-cdata-event/javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://github.com/TsSaltan/DevelNext-jURL/releases/latestjavaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2405654529.0000000016920000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.quovadisglobal.com/cpsjavaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2398191102.000000000AB89000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://apache.org/xml/properties/dom/document-class-namejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://apache.org/xml/properties/internal/symbol-tablejavaw.exe, 00000007.00000002.2398191102.000000000A8CE000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmpfalse
high
http://apache.org/xml/properties/internal/error-handler= | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | high
http://www.quovadis.bm | javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp | false | high
http://apache.org/xml/features/xincludeC | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | high
http://xml.org/sax/properties/xml-string? | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://site.com/ | javaw.exe, 00000007.00000002.2398191102.000000000ACF1000.00000004.00001000.00020000.00000000.sdmp | false | high
http://apache.org/xml/properties/internal/dtd-processor7 | javaw.exe, 00000007.00000002.2401691014.00000000153A5000.00000004.00000020.00020000.00000000.sdmp | false | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.20.3.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560416
Start date and time: 2024-11-21 19:33:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: DHzscd9uqT.exe
renamed because original name is a hash value
Original Sample Name: 183c6aa694124103e3896ee7b71175f4a81d9533218617cb80d60d9307b53c90.exe
Detection: MAL
Classification: mal45.troj.winEXE@5/219@1/1
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 46
• Number of non-executed functions: 67
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109
• Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, tse1.mm.bing.net, g.bing.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net
• Execution Graph export aborted for target javaw.exe, PID 1668, because there are no executed functions
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• VT rate limit hit for: DHzscd9uqT.exe
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.20.3.235 | cr_asm3.ps1 | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | gabe.ps1 | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | cr_asm.ps1 | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | cr_asm_atCAD.ps1 | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | vF20HtY4a4.exe | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | OSLdZanXNc.exe | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | 5UIy3bo46y.dll | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | Lm9IJ4r9oO.exe | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | BeginSync lnk.lnk | malicious | Unknown | pastebin.com/raw/sA04Mwk2
 | sostener.vbs | malicious | Njrat | pastebin.com/raw/V9y5Q5vv
Match | Associated Sample Name / URL | Detection | Threat Name | Context
pastebin.com | ahmbf.ps1 | malicious | Unknown | 172.67.19.24
 | file.exe | malicious | JasonRAT | 104.20.3.235
 | DEVIS_VALIDE.js | malicious | XWorm | 104.20.3.235
 | download.exe | malicious | Remcos, XWorm | 172.67.19.24
 | Setup.exe | malicious | LummaC | 104.20.4.235
 | n7ZKbApaa3.dll | malicious | LummaC, Xmrig | 172.67.19.24
 | SecurityHealthService.exe | malicious | AsyncRAT, DarkTortilla, XWorm | 104.20.3.235
 | AYoF5MX6wK.exe | malicious | STRRAT | 104.20.3.235
 | PqSIlYOaIF.exe | malicious | LummaC, Xmrig | 172.67.19.24
 | ERxqzVIPur.exe | malicious | Unknown | 104.20.3.235
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | http://bc1qcr8muz00d2v7uqg5ggulrmm.com | malicious | Unknown | 104.21.5.242
 | https://www.google.com/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/d7TO.ifvxdvrhe.ru%2FDflmD%2F | malicious | Unknown | 104.17.25.14
 | scam.html | malicious | Unknown | 172.67.200.84
 | file.exe | malicious | LummaC | 104.21.66.38
 | https://bafkreifkijr4deqnzixvigwgbpmegtl7w7z65bwaf2xegf6wb5oejvy7je.ipfs.flk-ipfs.xyz/#mail@andrejsmanagement.com&c=E,1,7ZfSQ9vAYe7rvB9NwKAqcoBV6_2nCPL09QKb7jG3WYDaiZix9u1hiaulren8GlCVh8tr3ArY61yo0-gZFvLQqJ6pANsbQuIKnEW2EuUntXIIWBvyOuRTAdpQ&typo=1 | malicious | Unknown | 1.1.1.1
 | http://email.double.serviceautopilot.com/c/eJwczE2OrCAQAODTyA5ThfwUCxZv0_coqOJJom1HbZO5_SRzga8d-4ffP0MKRcKWQG0OMVjforMsga04XpR789LQSOkxO4pGC6YFiSjHbHTnsQ0pXnvtot1yXZL1Gthyr2SJckV2vXkQs5bMsUNk5LqACCFoapQqh4SYAzgzigPnEZEAMEKeQw-1xc5OKcWwwORBjm_ddL70fEZT_t7HZ2zHPbdjN1tZ7_szLf8m95rcq4nKOR69Zr0m96rje487ZnOWnd_8X8_Jwzq27RqiO7-Pc1__mKe43wAAAP__Gf5XhQ | malicious | Unknown | 104.16.124.96
 | file.exe | malicious | LummaC | 104.21.66.38
 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | 104.21.66.38
 | ULNZPn6D33.exe | malicious | Sliver | 172.67.208.214
 | http://steiraair.com | malicious | Unknown | 172.67.11.155
Match | Associated Sample Name / URL | Detection | Threat Name | Context
2db6873021f2a95daa7de0d93a1d1bf2 | AYoF5MX6wK.exe | malicious | STRRAT | 104.20.3.235
 | Confirm Me.exe | malicious | STRRAT | 104.20.3.235
 | PInstaller.exe | malicious | STRRAT | 104.20.3.235
 | 123.sfx.exe | malicious | STRRAT | 104.20.3.235
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll | AYoF5MX6wK.exe | malicious | STRRAT
 | Confirm Me.exe | malicious | STRRAT
 | PInstaller.exe | malicious | STRRAT
 | 123.sfx.exe | malicious | STRRAT
 | EYOFFTITMDLXZJFFCCGFDTBIY.msi | malicious | Unknown
 | SSCBOLGZFXVJMEICRNQMJOCDIF.msi | malicious | Unknown
 | BOCTGZXINFFCD20242108.msi | malicious | Unknown
 | PGCTGZXFCD20242008.msi | malicious | Unknown
 | CloudInstaller.zip | malicious | Unknown
 | uChcvn3L6R.exe | malicious | DCRat

Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):67
                                                                                                                                                                                                            Entropy (8bit):4.7447559813088045
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:oNN+EaKC5FXmR6y:oNN7aZ5FXmsy
                                                                                                                                                                                                            MD5:8271878368CB1634E9ABCC1A8529DFFC
                                                                                                                                                                                                            SHA1:DC26D0C1858F416DD95D5555F53C59DDE6B53D2D
                                                                                                                                                                                                            SHA-256:7168DC12F1A4096F7545C3BED95DE7EA80895659224718E1F45D121DB5E23821
                                                                                                                                                                                                            SHA-512:64DA4ECFD2DAFA9698E126BD33C46083CD91C6CCE2E1B86F57AA6ECB31EBF8A90E5E859D63ADCA7EB5F5E5197D6AD179519C3BE3FC964AFE2918318B9C09A1BF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:C:\Users\user\AppData\Roaming\InstallerPDW\jre..1732214060667..

Process:C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):1.3598370338146064
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:Hx1raj8G/ETDPjKrNfc13SUQk8m++BkH/H4HFHnHGHzHoHVHFHhcH4HkH0H0HQWS:HxG8GEDPjKrNfaQZmrFWrRAxNiDlY38
                                                                                                                                                                                                            MD5:57624FB07E4BA1877CB5694C89E8612B
                                                                                                                                                                                                            SHA1:0BEF75D1DABB6D4B9C4E8682DA266764E9DB0ED3
                                                                                                                                                                                                            SHA-256:45845C59117C2622D898DBC541381C3A6C5D17BD4132C2DD77388672B016E7C9
                                                                                                                                                                                                            SHA-512:7AECC1EF37FCDC9AAC055AAE79E76E42408AF6CDD980EE09C3ADA0850A6208355ABD70B50384087ECE41497A7FD412508149C0054791226095E17B0712C50C76
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:........`;......T.H..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.....,.......@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..A.......@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..:.......8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):161470403
                                                                                                                                                                                                            Entropy (8bit):6.709413495190137
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1572864:HAcje4a6u24/Zcv/GhiQs0GZTjjY1UWB4LcnIy:HNJa61b5Tjj/5LcJ
                                                                                                                                                                                                            MD5:2CDC9F87A7CE40170F3ABD9BC04DF566
                                                                                                                                                                                                            SHA1:9D307300B65390A84F278E1573E5A879B1B0DDE9
                                                                                                                                                                                                            SHA-256:170983105506859E8C714B1395F43636DAFA430F4304DDE600ADE0BDF5BAE2E1
                                                                                                                                                                                                            SHA-512:7606E6E93E53C96D9FC4D4B120C6398E06F7F5DB10CCDAE27AC01AB6A2732B4B64319980312AA737BF0E1D2C454F418E37E1B29AF3F115F1D5BEFBA66EDF66B9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:TM......,...................#....)......>L.......M..........................................................................4...............................................................................................................................................................G...J...........$...g.......................Z.......................................j.......................Z...................................................................................................................5.......\k..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):139264
                                                                                                                                                                                                            Entropy (8bit):4.666787084027331
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:xZ2FWSNhd/4131iO08SKKAP7wBwp8wZtE:T2ddQ131i1pKJP7w2p
                                                                                                                                                                                                            MD5:FCA89C62D6EA9F979B3A8D21EE2C4F55
                                                                                                                                                                                                            SHA1:BD77809998B5CFEF93E3C34AF3DDB8292F549D44
                                                                                                                                                                                                            SHA-256:6B069E5B450898615E709275BC0A53B529F171301A603093BDC17EBD784E0E34
                                                                                                                                                                                                            SHA-512:F1F1F30D0C07C343D9709DD4A6405751DE678886703BD59F2D72751F3D470CA88389B3CE3BA5966282E6F60AE68F13DE722E885F4BD1BFAE2AAD60323EDF7DF0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v.f.................b........................@.................................:&....@... ..............................0.......@..H............................................................................2...............................text....`.......b.................. .0`.data...@............f..............@.0..rdata...............h..............@.0@.bss....0.............................0..idata.......0.......n..............@.0..rsrc...H....@.......z..............@.0.................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3313
                                                                                                                                                                                                            Entropy (8bit):4.557128068430301
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                                                                                                                                                                                            MD5:FC605D978E7825595D752DF2EF03F8AF
                                                                                                                                                                                                            SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                                                                                                                                                                                            SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                                                                                                                                                                                            SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:moderate, very likely benign file
Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                            Entropy (8bit):4.271470906740504
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                                                                                                                                                                                                            MD5:67CB88F6234B6A1F2320A23B197FA3F6
                                                                                                                                                                                                            SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                                                                                                                                                                                                            SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                                                                                                                                                                                                            SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                            Preview:Please refer to http://java.com/license..

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):47
                                                                                                                                                                                                            Entropy (8bit):4.2563005536211715
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                                                                                                                                                                                                            MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                                                                                                                                                                                                            SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                                                                                                                                                                                                            SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                                                                                                                                                                                                            SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Please refer to http://java.com/licensereadme..
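The dropped-file records list a size, an "Entropy (8bit)" value and a set of hashes for each file, but not how those numbers are produced or how to check a file you have recovered from a host against them. The Python below is an added example, not code from the Joe Sandbox report. It reconstructs the two small license pointer files from their previews (the report renders the CRLF line terminators as ".."), recomputes Shannon entropy in bits per byte, which reproduces the report's entropy values, hashes the bytes for comparison with the report's MD5/SHA fields, and adds a DOS/PE magic check of the kind used to tell a real PE32 drop such as install.exe from a file whose type is just "data". The `REPORT` dictionary copies values from the two records above; `FAKE_PE` is a constructed header, not a file from this analysis.

```python
import hashlib
import math
from collections import Counter

# Constructed inputs: the two license pointer files exactly as the report
# previews them (ASCII text with CRLF line terminators; ".." in the preview
# is the non-printable CR LF pair).
SAMPLES = {
    "license": b"Please refer to http://java.com/license\r\n",
    "license_readme": b"Please refer to http://java.com/licensereadme\r\n",
}

# Expected values copied from the corresponding dropped-file records above.
REPORT = {
    "license": {
        "size": 41,
        "entropy": 4.271470906740504,
        "md5": "67CB88F6234B6A1F2320A23B197FA3F6",
        "sha256": "263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360",
    },
    "license_readme": {
        "size": 47,
        "entropy": 4.2563005536211715,
        "md5": "4BDA1F1B04053DCFE66E87A77B307BB1",
        "sha256": "FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3",
    },
}

# Constructed 68-byte stub: "MZ", zero padding, e_lfanew = 64, then "PE\0\0".
FAKE_PE = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy over the 256 byte values, in bits per byte (0.0 .. 8.0).
    This is the quantity the report lists as "Entropy (8bit)": ~4.3 for short
    English/ASCII text, ~6.7 for the mixed 161 MB blob, close to 8 for
    encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def fingerprint(data: bytes) -> dict:
    """Size, entropy and the four hashes in the report's upper-case hex form."""
    return {
        "size": len(data),
        "entropy": shannon_entropy_8bit(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def verify_against_report(data: bytes, expected: dict, tol: float = 1e-6) -> list:
    """Names of the fields that disagree with the report record; [] means the
    bytes match every field the record supplies. Entropy is compared with a
    tolerance because summation order differs between implementations."""
    got = fingerprint(data)
    mismatches = []
    for field, want in expected.items():
        if field == "entropy":
            if abs(got[field] - want) > tol:
                mismatches.append(field)
        elif got[field] != want:
            mismatches.append(field)
    return mismatches


def looks_like_pe(data: bytes) -> bool:
    """True when the bytes start with a DOS header whose e_lfanew offset
    (at 0x3C) points at a "PE\\0\\0" signature, i.e. the file is an
    executable regardless of the extension it was dropped with."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        fp = fingerprint(data)
        print(f"{name}: size={fp['size']} entropy={fp['entropy']:.6f} md5={fp['md5']}")
        print(f"  mismatches vs report: {verify_against_report(data, REPORT[name]) or 'none'}")
    print(f"FAKE_PE is PE: {looks_like_pe(FAKE_PE)}; license file is PE: {looks_like_pe(SAMPLES['license'])}")
```

Run it against a file pulled from `%APPDATA%\InstallerPDW` on an infected host by replacing the constructed bytes with the file's contents; an empty mismatch list means the host's copy is byte-identical to what the sandbox saw, while a hash mismatch with a matching size is the usual sign of a per-victim or re-packed build.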

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):111645
                                                                                                                                                                                                            Entropy (8bit):4.8590909329531025
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                                                                                                                                                                                                            MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                                                                                                                                                                                                            SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                                                                                                                                                                                                            SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                                                                                                                                                                                                            SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):180668
Entropy (8bit):5.064180003233063
Encrypted:false
SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
MD5:0E87879F452892B85C81071A1DDD5A2A
SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
Malicious:false
Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):983
Entropy (8bit):5.135635144562017
Encrypted:false
SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
MD5:3CB773CB396842A7A43AD4868A23ABE5
SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
Malicious:false
Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):14912
Entropy (8bit):6.141852308272967
Encrypted:false
SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
MD5:D63933F4E279A140CC2A941CCFF38348
SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: AYoF5MX6wK.exe, Detection: malicious
• Filename: Confirm Me.exe, Detection: malicious
• Filename: PInstaller.exe, Detection: malicious
• Filename: 123.sfx.exe, Detection: malicious
• Filename: EYOFFTITMDLXZJFFCCGFDTBIY.msi, Detection: malicious
• Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious
• Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious
• Filename: PGCTGZXFCD20242008.msi, Detection: malicious
• Filename: CloudInstaller.zip, Detection: malicious
• Filename: uChcvn3L6R.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.Z.[.Z.[.Z.[.A<..[.[.A<..Q.[.A<.._.[.S...X.[.Z.Z.D.[.A<..Y.[.A<..[.[.A<..[.[.A<..[.[.RichZ.[.................PE..L...yPjW...........!......................... .....m.........................`......em....@.........................`%......,"..P....@..x............"..@....P.. .... ............................... ..@............ ...............................text............................... ..`.rdata..d.... ......................@..@.data...`....0......................@....rsrc...x....@......................@..@.reloc..^....P....... ..............@..B
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):14912
Entropy (8bit):6.1347115439165085
Encrypted:false
SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
MD5:B4EB9B43C293074406ADCA93681BF663
SHA1:16580FB7139D06A740F30D34770598391B70AC96
SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........5.Z.[.Z.[.Z.[.A<..[.[.A<..Q.[.A<.._.[.S...X.[.Z.Z.D.[.A<..Y.[.A<..[.[.A<..[.[.A<..[.[.RichZ.[.................PE..L...zPjW...........!......................... .....m.........................`.......2....@.........................`%......,"..P....@..p............"..@....P.. .... ............................... ..@............ ...............................text............................... ..`.rdata..a.... ......................@..@.data...`....0......................@....rsrc...p....@......................@..@.reloc..^....P....... ..............@..B
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):128064
Entropy (8bit):6.428684952829155
Encrypted:false
SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
MD5:2F808ED0642BD5CF8D4111E0AF098BBB
SHA1:006163A07052F3D227C2E541691691B4567F5550
SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[d.@:.N@:.N@:.N[..NB:.N[..NB:.N[..NK:.NIB.NE:.N@:.N{:.N[..NG:.N[..NA:.N[..NA:.N[..NA:.NRich@:.N........PE..L...rPjW...........!................#..............m................................p.....@.........................p...........P.......x...............@...........................................p...@............................................text............................... ..`.rdata..............................@..@.data...............................@....rsrc...x...........................@..@.reloc..$...........................@..B
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):127552
Entropy (8bit):6.413283221897154
Encrypted:false
SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
MD5:C3DED5F41E28FAF89338FB46382E4C3E
SHA1:6F77920776D39550355B146D672C199A3941F908
SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[d.@:.N@:.N@:.N[..NB:.N[..NB:.N[..NK:.NIB.NE:.N@:.N{:.N[..NG:.N[..NA:.N[..NA:.N[..NA:.NRich@:.N........PE..L...sPjW...........!...............................m......................................@.........................@...........P.......p...............@...........................................H...@............................................text...n........................... ..`.rdata..............................@..@.data...............................@....rsrc...p...........................@..@.reloc..............................@..B
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):97856
Entropy (8bit):6.467907542894502
Encrypted:false
SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./zR/k.<|k.<|k.<|p..|{.<|p..|2.<|bc.|n.<|k.=|7.<|p..|O.<|p..|j.<|p..|j.<|p..|j.<|Richk.<|........................PE..L...pPjW...........!................At.............p................................7P....@..........................9..A....1..<....................f..@............................................,..@...............@............................text...\........................... ..`.rdata..Qg.......h..................@..@.data...`,...P.......8..............@....rsrc................F..............@..@.reloc..J............N..............@..B
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):95808
                                                                                                                                                                                                            Entropy (8bit):6.48897048228647
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                                                                                                                                                                                            MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                                                                                                                                                                                            SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                                                                                                                                                                                            SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                                                                                                                                                                                            SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./zR/k.<|k.<|k.<|p..|{.<|p..|2.<|bc.|n.<|k.=|7.<|p..|O.<|p..|j.<|p..|j.<|p..|j.<|Richk.<|........................PE..L...qPjW...........!................!o.............p......................................@.........................p7..>...<0..<.......x............^..@...........................................(+..@...............@............................text...<........................... ..`.rdata...e.......f..................@..@.data...`,...P.......0..............@....rsrc...x............>..............@..@.reloc..J............F..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1182272
                                                                                                                                                                                                            Entropy (8bit):6.63089480914076
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                                                                                                                                                                                            MD5:159CCF1200C422CED5407FED35F7E37D
                                                                                                                                                                                                            SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                                                                                                                                                                                            SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                                                                                                                                                                                            SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q.Q...?...?...?......?.......?.......?.z...?.......?.......?...>.;.?.....s.?.....w.?.......?.......?.......?.Rich..?.........................PE..L...nPjW...........!................,G.............m.........................P......Y.....@.................................,{...........N..............@....P......................................v..@............... ....V..`....................text...<........................... ..`.rdata.............................@..@.data...8....@...~...2..............@....rsrc....N.......P..................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15424
                                                                                                                                                                                                            Entropy (8bit):6.380726588633652
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                                                                                                                                                                                            MD5:A46289384F76C2A41BA7251459849288
                                                                                                                                                                                                            SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                                                                                                                                                                                            SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                                                                                                                                                                                            SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6...W..W..W../x.W...w.W..W..W....s.W...u.W...@.W...A.W...p.W...q.W...v.W..Rich.W..........................PE..L...nPjW...........!......................... .....m.........................`.......9....@..........................'......|$..<....@...............$..@....P....... ..............................8#..@............ ...............................text............................... ..`.rdata..v.... ......................@..@.data...p....0......................@....rsrc........@......................@..@.reloc.......P......."..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1447
                                                                                                                                                                                                            Entropy (8bit):4.228834598358894
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                                                                                                                                                                                            MD5:F4188DEB5103B6D7015B2106938BFA23
                                                                                                                                                                                                            SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                                                                                                                                                                                            SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                                                                                                                                                                                            SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3857984
                                                                                                                                                                                                            Entropy (8bit):6.850425436805504
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                                                                                                                                                                                            MD5:39C302FE0781E5AF6D007E55F509606A
                                                                                                                                                                                                            SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                                                                                                                                                                                            SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                                                                                                                                                                                            SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$=.$`\.w`\.w`\.w{.Twb\.w..Pwf\.w{.Vwl\.w{.bwl\.wi$[wo\.w`\.w}].w{.cw-^.w{.Swa\.w{.Rwa\.w{.Uwa\.wRich`\.w........PE..L...nPjW...........!......,...........+.......,....m..........................<......q;...@...........................4.......4.......9.(.............:.@.... 9..G....,..............................t2.@.............,.P............................text.....+.......,................. ..`.rdata..Y.....,.......,.............@..@.data...d.....5..*....4.............@....rsrc...(.....9......"7.............@..@.reloc..\.... 9......(7.............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):142912
                                                                                                                                                                                                            Entropy (8bit):7.350682736920136
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                                                                                                                                                                                            MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                                                                                                                                                                                            SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                                                                                                                                                                                            SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                                                                                                                                                                                            SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k..K.c.K.c.K.c.Br..I.c.P...H.c.P...I.c.P...N.c.K.b.m.c.P...m.c.P...J.c.P...J.c.P...J.c.RichK.c.........................PE..L...nPjW...........!.........Z......V.............Sm.........................@.......!....@.................................<...P.... ..................@....0..........................................@............................................text...n........................... ..`.rdata........... ..................@..@.data....+.......(..................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 64064
Entropy (8bit): 6.338192715882019
Encrypted: false
SSDEEP: 1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
MD5: B04ABE76C4147DE1D726962F86473CF2
SHA1: 3104BADA746678B0A88E5E4A77904D78A71D1AB8
SHA-256: 07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
SHA-512: 2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{.|.{.|.{.|..N..y.|.{.}.g.|.v.x.|.v.y.|.v.w.|.v.y.|....Z.|....z.|.v.z.|....z.|.Rich{.|.........................PE..L...nPjW...........!......... ......_.............Vm......................... .......*....@.....................................<.......................@...........................................(...@...............t............................text............................... ..`.rdata..............................@..@.data...\...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 453184
Entropy (8bit): 6.516599034237354
Encrypted: false
SSDEEP: 6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
MD5: 5EDAEFFC60B5F1147068E4A296F6D7FB
SHA1: 7D36698C62386449A5FA2607886F4ADF7FB3DEEF
SHA-256: 87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
SHA-512: A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:...:...:.......:.e....:......:......:.....:....:....:...;.`.:......:.......:.......:.......:.Rich..:.................PE..L...oPjW...........!.........:......n.............Xm................................-.....@.........................@...\6..............................@.......|8..................................Xh..@...............X...8........................text............................... ..`.rdata...;.......<..................@..@.data...............................@....rsrc...............................@..@.reloc..ZE.......F..................@..B................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 25152
Entropy (8bit): 6.627329311560644
Encrypted: false
SSDEEP: 384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
MD5: 72B7054811A72D9D48C95845F93FCD2C
SHA1: D25F68566E11B91C2A0989BCC64C6EF17395D775
SHA-256: D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
SHA-512: C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%..cK.cK.cK....cK....cK.cJ.cK....cK....cK....cK....cK....cK....cK.Rich.cK.........PE..L...nPjW...........!.....*...........4.......@....|m................................:6....@.........................0M.......H..<....p...............J..@............A...............................F..@............@...............................text....).......*.................. ..`.rdata.......@......................@..@.data........`.......@..............@....rsrc........p.......B..............@..@.reloc..z............F..............@..B................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 21568
Entropy (8bit): 6.601333059222365
Encrypted: false
SSDEEP: 384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
MD5: 73603BF0DC85CAA2F4C4A38B9806EC82
SHA1: 74EBC4F158936842840973F54AF50CDF46BC9096
SHA-256: 39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
SHA-512: 5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<...<...<...'<8.>...'<:.>...'<..>...<...v...5.7.9...'<..1...'<?.=...'<>.=...'<9.=...Rich<...........................PE..L...nPjW...........!.................&.......0....}m................................F.....@..........................A..U....<..P....`...............<..@....p......@1..............................x;..@............0..(............................text............................... ..`.rdata.......0....... ..............@..@.data........P.......2..............@....rsrc........`.......4..............@..@.reloc.......p.......8..............@..B................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 827456
Entropy (8bit): 6.022966185458799
Encrypted: false
SSDEEP: 24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
MD5: E741028613B1FC49EC5A899BE6E3FC34
SHA1: 9EAE3D3CA22E92A925395A660B55CECB2EB62D54
SHA-256: 9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
SHA-512: 05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Vu.'...t...t...t..Tt...t.lIt...t.lYt...t...t...t}bat...t..`t...t..at{..t..Qt...t..Pt...t..Wt...tRich...t................PE..L...pPjW...........!................T.............`m.....................................@.........................................P..................@....p..\^.....................................@...............X...........................text...,........................... ..`.rdata..8...........................@..@.data....t.......R..................@....rsrc........P......................@..@.reloc..zr...p...t..................@..B................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 907328
Entropy (8bit): 6.160830535423145
Encrypted: false
SSDEEP: 24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
MD5: 4FD3548990CAF9771B688532DEF5DE48
SHA1: 567C27A4EA16775085D8E87A38FE58BEC4463F7D
SHA-256: BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
SHA-512: FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x...x...x....k..x...._..x....v..x....f..x...x...y....^..x....^..x....n..x....o..x....h..x..Rich.x..........................PE..L...nPjW...........!.................D.......0....mm................................t.....@..........................>......."..........................@........c...5..............................p...@............0..4............................text............................... ..`.rdata..T....0......................@..@.data...$Y...@...6...,..............@....rsrc................b..............@..@.reloc...g.......h...X..............@..B........................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 109120
Entropy (8bit): 5.986571003903383
Encrypted: false
SSDEEP: 1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
MD5: A5455B9BEB5672D89B1F0FCFAA4C79CA
SHA1: 9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
SHA-256: 89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
SHA-512: 131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ot....Z...Z...Z..Z...ZC@.Z...Z..Z...Z..Z...Z.v.Z...Z.v.Z...Z...Z...Z.x.Z...Z..Z...Z..Z...Z..Z...Z..Z...ZRich...Z........................PE..L...oPjW...........!..............................~m......................................@.........................P...J............0...t..............@...........P...............................0...@............... ...d...`....................text............................... ..`.rdata...D.......F..................@..@.data...0...........................@....rsrc....t...0...v..................@..@.reloc...............|..............@..B........................................................................................................................................................................................................................................................................................
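Every dropped-file record above carries the same derived fields: four digests, an 8-bit Shannon entropy, a libmagic-style "File Type" string, an "Encrypted" verdict and a header preview whose visible bytes are the DOS stub, the "PE..L..." signature and COFF machine word (0x014c, Intel 80386), a four-byte TimeDateStamp ("nPjW", "oPjW" or "pPjW") and the section names .text/.rdata/.data/.rsrc/.reloc. The script below is an added example, not Joe Sandbox code, that recomputes those fields from raw bytes so a dropped file pulled from the analysis VM can be checked against the report. The page does not contain the full bytes of any dropped file, so the sample input is a constructed minimal PE32 DLL header (hypothetical, built in `build_sample_dll`) that reuses the i386 machine word, the 0x2102 characteristics and the 0x576A506E timestamp visible in the previews; the "Encrypted" threshold of 7.0 bits per byte is my assumption, not the sandbox's documented cut-off.

```python
"""Recompute the per-file fields of a sandbox 'dropped files' record from raw bytes.

Added example (not Joe Sandbox code). Given a file's bytes it derives the digests,
the 8-bit entropy, a libmagic-style type string, the COFF timestamp and the section
names, i.e. the fields each record above lists.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

MACHINE = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEM = {2: "GUI", 3: "console"}
IMAGE_FILE_DLL = 0x2000
ENCRYPTED_THRESHOLD = 7.0  # assumption: packed/encrypted payloads sit near 8.0 bits per byte


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); the report's 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def digests(data: bytes) -> dict:
    """Upper-case hex digests in the order the record prints them."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                   # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)        # 0x10B = PE32, 0x20B = PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # Subsystem sits at +68 in both PE32 and PE32+
    sec_table = opt + opt_size
    sections = []
    for i in range(nsections):                            # 40-byte IMAGE_SECTION_HEADER entries
        name = data[sec_table + 40 * i: sec_table + 40 * i + 8]
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE?"),
        "machine": MACHINE.get(machine, hex(machine)),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "timestamp": timestamp,
        "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def file_type_string(pe: dict) -> str:
    """Approximates libmagic, e.g. 'PE32 executable (DLL) (GUI) Intel 80386, for MS Windows'."""
    kind = " (DLL)" if pe["is_dll"] else ""
    return f'{pe["format"]} executable{kind} ({pe["subsystem"]}) {pe["machine"]}, for MS Windows'


def describe(data: bytes) -> dict:
    """Rebuild one dropped-file record (minus Process/Category, which come from the sandbox trace)."""
    pe = parse_pe(data)
    entropy = shannon_entropy(data)
    return {"Size (bytes)": len(data), "Entropy (8bit)": round(entropy, 6),
            "Encrypted": entropy >= ENCRYPTED_THRESHOLD,
            "File Type": file_type_string(pe), **digests(data), **pe}


def build_sample_dll() -> bytes:
    """Constructed minimal PE32 DLL (hypothetical; NOT one of the dropped files): i386, GUI,
    characteristics 0x2102 (EXECUTABLE|32BIT|DLL), TimeDateStamp 0x576A506E ('nPjW' in the previews)."""
    names = [b".text", b".rdata", b".data", b".rsrc", b".reloc"]
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, len(names), 0x576A506E, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", opt, 68, 2)      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + coff + bytes(opt) + secs + bytes(range(256)) * 4  # filler stands in for section data


if __name__ == "__main__":
    for k, v in describe(build_sample_dll()).items():
        print(f"{k}: {v}")
```

Two checks fall out of running this against a real dropped file. The entropies in these records (roughly 5.9 to 6.6 bits per byte) are what plain, unpacked native code produces, which is why every record says Encrypted: false and the ReversingLabs verdict is 0%; a packed or encrypted payload would push toward 8.0. The timestamps "nPjW", "oPjW" and "pPjW" differ only in their low byte, so the whole set of DLLs was linked within a few seconds of each other on 2016-06-22 UTC, consistent with one runtime build being unpacked wholesale rather than a per-victim payload.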
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 223296
Entropy (8bit): 6.501845596055873
Encrypted: false
SSDEEP: 6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
MD5: 9D5EDECF7E33DDD0E2A6A0D34FC12CA1
SHA1: FC228A80FF85D78AA5BFBA2515EFED3257B9B009
SHA-256: 6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
SHA-512: B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 151104
Entropy (8bit): 6.548096027649263
Encrypted: false
SSDEEP: 3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
MD5: 7A710F90A74981C2F060FA361D094822
SHA1: FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
SHA-256: 9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
SHA-512: 928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 200768
Entropy (8bit): 6.431501859060678
Encrypted: false
SSDEEP: 3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
MD5: 434CBB561D7F326BBEFFA2271ECC1446
SHA1: 3D9639F6DA2BC8AC5A536C150474B659D0177207
SHA-256: 1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
SHA-512: 9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 400960
Entropy (8bit): 6.165546757090391
Encrypted: false
SSDEEP: 6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
MD5: 767BBA46789597B120D01E48A685811E
SHA1: D2052953DDE6002D590D0D89C2A052195364410A
SHA-256: 218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
SHA-512: 86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 514112
Entropy (8bit): 6.805344203686025
Encrypted: false
SSDEEP: 12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
MD5: 8D0CE7151635322F1FE71A8CEA22A7D6
SHA1: 81E526D3BD968A57AF430ABB5F55A5C55166E579
SHA-256: 43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
SHA-512: 3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 132672
Entropy (8bit): 6.708436670828807
Encrypted: false
SSDEEP: 3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
MD5: 6376B76728E4A873B2BB7233CBCD5659
SHA1: 3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
SHA-256: 4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
SHA-512: 955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 115776
Entropy (8bit): 6.787384437276838
Encrypted: false
SSDEEP: 1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
MD5: AB6ED0CFD0C52DBEDE1BE910EFA8A89B
SHA1: 83CBC2746A50C155261407ECE3D7A5C58AAD0437
SHA-256: 8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
SHA-512: 41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):16448
Entropy (8bit):6.490137326885244
Encrypted:false
SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
MD5:1F004C428E01F8BEB07B52EB9659A661
SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):51264
Entropy (8bit):6.576803205025954
Encrypted:false
SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
MD5:3A744B78C57CFADC772C6DE406B6B31E
SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):19520
Entropy (8bit):6.452867740862137
Encrypted:false
SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
MD5:503275E515E3F2770A62D11E386EADBF
SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):30784
Entropy (8bit):6.413942547146628
Encrypted:false
SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
MD5:530D5597E565654D378F3C87654CCABA
SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15936
Entropy (8bit):6.466457942735197
Encrypted:false
SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):126528
Entropy (8bit):6.8082748642937725
Encrypted:false
SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
MD5:73BD0B62B158C5A8D0CE92064600620D
SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):191040
Entropy (8bit):6.75061028420578
Encrypted:false
SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
MD5:E3E51A21B00CDDE757E4247257AA7891
SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):23616
Entropy (8bit):6.620094371728742
Encrypted:false
SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
MD5:1C47DD47EBD106C9E2279C7FCB576833
SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):160256
Entropy (8bit):6.469497559123052
Encrypted:false
SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
MD5:4E3C37A4DE0B5572D69AD79B7A388687
SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):70208
Entropy (8bit):6.353501201479367
Encrypted:false
SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
MD5:C2A59C7343D370BC57765896490331E5
SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):57408
Entropy (8bit):6.6711491011490285
Encrypted:false
SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
MD5:AEADA06201BB8F5416D5F934AAA29C87
SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):446528
Entropy (8bit):6.603555069382601
Encrypted:false
SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
MD5:8AE40822B18B10494527CA3842F821D9
SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):126016
Entropy (8bit):6.608910794554507
Encrypted:false
SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
MD5:01706B7997730EAA9E2C3989A1847CA6
SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):191552
Entropy (8bit):6.744419946343284
Encrypted:false
SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
MD5:48C96771106DBDD5D42BBA3772E4B414
SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):269888
Entropy (8bit):6.418120581797452
Encrypted:false
SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
MD5:F8211DB97BF852C3292C3E9C710C19D9
SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):13888
Entropy (8bit):6.274978807671468
Encrypted:false
SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
MD5:0291BA5765EE11F36C0040B1F6E821FB
SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):163904
Entropy (8bit):6.783788147675078
Encrypted:false
SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
MD5:6E08D65F5CBB85E51010F36A84FC181D
SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):22592
Entropy (8bit):6.620820751411794
Encrypted:false
SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
MD5:700F5789D2E7B14B2F5DE9FDB755762E
SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):115264
Entropy (8bit):6.588792190592223
Encrypted:false
SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
MD5:8BC8FE64128F6D79863BC059D9CC0E2E
SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):33934912
Entropy (8bit):6.35314231534845
Encrypted:false
SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
MD5:4D857A5FC9CA16D2A67872FACCF85D9F
SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15936
Entropy (8bit):6.475020301731584
Encrypted:false
SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
MD5:4F11D43AA2215CE771DA528878F01C8E
SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):158784
                                                                                                                                                                                                            Entropy (8bit):6.816453355323999
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                                                                                                                                                                                            MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                                                                                                                                                                                            SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                                                                                                                                                                                            SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                                                                                                                                                                                            SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................6...........0.....=............7....5.....4.....3....Rich............PE..L....PjW...........!...............................o................................Y.....@..........................3..m....*..d....................T..@............................................#..@............................................text...~........................... ..`.rdata...u.......v..................@..@.data....4...@......."..............@....rsrc................6..............@..@.reloc.."............:..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):207424
                                                                                                                                                                                                            Entropy (8bit):6.630800216665857
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                                                                                                                                                                                            MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                                                                                                                                                                                            SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                                                                                                                                                                                            SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                                                                                                                                                                                            SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D.*...*...*.......*.......*.;....*.......*.......*...+...*.......*.......*.......*.......*.......*.......*.Rich..*.........................PE..L....PjW...........!.........>.....................o.........................P............@.............................................................@......../...................................C..@...............|...........................text.../........................... ..`.rdata..............................@..@.data....,.......&..................@....rsrc...............................@..@.reloc...6.......8..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):82496
                                                                                                                                                                                                            Entropy (8bit):6.597347722250847
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                                                                                                                                                                                            MD5:5F85F7F2DFAC397D642834B61809240F
                                                                                                                                                                                                            SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                                                                                                                                                                                            SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                                                                                                                                                                                            SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-..C..C..C.....C..3..C.v...C..3..C..B.X.C.....C..3..C..3...C..3..C..3..C.Rich.C.........PE..L....HjW............................1.............@.................................cE....@.................................\...x....`..H............*..@....p..h.......................................@............................................text............................... ..`.rdata...C.......D..................@..@.data....0... ......................@....rsrc...H....`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19008
                                                                                                                                                                                                            Entropy (8bit):6.372096409611824
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                                                                                                                                                                                            MD5:4023E25F92B5F13E792901BF112A8EA2
                                                                                                                                                                                                            SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                                                                                                                                                                                            SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                                                                                                                                                                                            SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~fQ.~fQ.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQ.~gQ.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQ...Q.~fQRich.~fQ................PE..L....PjW...........!.........................0.....o.........................p.......8....@..........................8......43..P....P...............2..@....`.......1..............................P1..@............0.......2..@....................text............................... ..`.rdata..T....0......................@..@.data........@.......&..............@....rsrc........P.......*..............@..@.reloc..J....`......................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):186944
                                                                                                                                                                                                            Entropy (8bit):6.612459610032652
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                                                                                                                                                                                            MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                                                                                                                                                                                            SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                                                                                                                                                                                            SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                                                                                                                                                                                            SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........B.+.#.x.#.x.#.x.mGx.#.x..Ax.#.x..ux3#.x.[Lx.#.x.[\x.#.x.#.x #.x.Utx.#.x..tx.#.x..Dx.#.x..Ex.#.x..Bx.#.xRich.#.x................PE..L....PjW...........!................K........ .....o................................,j....@................................. ...d.......................@............"...............................f..@............ ..P...L|.......................text...\........................... ..`.rdata...m... ...n..................@..@.data....5...........z..............@....rsrc...............................@..@.reloc...%.......&..................@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):145984
                                                                                                                                                                                                            Entropy (8bit):6.69725055196282
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                                                                                                                                                                                            MD5:4294D39CC9E5F23754D41B9DDE710112
                                                                                                                                                                                                            SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                                                                                                                                                                                            SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                                                                                                                                                                                            SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........:.j.i.j.i.j.i..5i.j.i..8i.j.i...i.j.i..:i.j.i.j.i.j.i...i.j.i..=i.j.i..<i.j.i..;i.j.iRich.j.i................PE..L....PjW...........!.........P......)..............o.........................`............@.........................."..X.......P....@..............."..@....P..........................................@............................................text...N........................... ..`.rdata...9.......:..................@..@.data........0......................@....rsrc........@......................@..@.reloc..4....P......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16448
                                                                                                                                                                                                            Entropy (8bit):6.482296988184946
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                                                                                                                                                                                            MD5:4BDF31D370F8A893A22820A3B291CC1D
                                                                                                                                                                                                            SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                                                                                                                                                                                            SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                                                                                                                                                                                            SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........{.m..d>..d>..d>.b.>..d>...>..d>..e>..d>...>..d>...>..d>...>..d>...>..d>...>..d>...>..d>Rich..d>........................PE..L....PjW...........!.........................0.....o.........................p......n.....@.........................P8..:....4..<....P...............(..@....`.......0...............................3..@............0...............................text............................... ..`.rdata.......0......................@..@.data...`....@....... ..............@....rsrc........P......."..............@..@.reloc.......`.......&..............@..B................................................................................................................................................................................................................................................................................................................
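The records above (hash set, entropy, Encrypted flag, AV verdict and a header preview) are what an analyst pivots on when a sample drops a dozen PE files that no vendor flags. The following is an added Python example, not part of the Joe Sandbox report, that parses such records into objects and runs the sanity checks a practitioner would want before trusting a "Malicious: false" line: every digest is well formed, the entropy agrees with the Encrypted flag (the 7.0 cut-off is an assumption of this example, not the sandbox's own threshold), the PE Machine field that is visible in the preview agrees with the stated architecture (non-printable bytes render as '.', so Machine 0x014C appears as `PE..L.` and 0x8664 as `PE..d.`), and 0%-detection files are queued for hash pivoting. The first sample record is copied from the listing with its preview shortened; the second is constructed so that every check fires.

```python
import re
from dataclasses import dataclass, field

# Hex-digest lengths for the hash fields Joe Sandbox prints per dropped file.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA-256": 64, "SHA-512": 128}

# Assumed review threshold (not the sandbox's own cut-off): 8-bit entropy at or
# above this on a file still labelled Encrypted:false deserves a packer check.
HIGH_ENTROPY = 7.0

# The preview renders non-printable bytes as '.'. After "PE\0\0" comes the
# 16-bit Machine field: 0x014C (i386) prints as "L.", 0x8664 (x64) as "d.".
MACHINE_MARKERS = {"PE..L.": "i386", "PE..d.": "x64"}


@dataclass
class DroppedFile:
    fields: dict = field(default_factory=dict)   # "Key" -> value; "AV" -> vendor bullets
    findings: list = field(default_factory=list)

    def get(self, key, default=""):
        return self.fields.get(key, default)


def parse_records(text):
    """Split a dropped-files listing into one DroppedFile per 'Process:' block."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Process:"):
            current = DroppedFile()
            records.append(current)
        if current is None:
            continue
        if line.startswith("•"):                 # vendor bullet under "Antivirus:"
            current.fields.setdefault("AV", []).append(line.lstrip("• ").strip())
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip() != "Antivirus":   # "Antivirus:" is only a header line
            current.fields[key.strip()] = value.strip()
    return records


def detection_percent(record):
    """Highest 'Detection: N%' across the AV bullets, or None if no vendor reported."""
    hits = [int(m.group(1)) for e in record.get("AV", [])
            for m in [re.search(r"Detection:\s*(\d+)%", e)] if m]
    return max(hits) if hits else None


def machine_from_preview(preview):
    """Architecture implied by the PE Machine bytes visible in the preview, or None."""
    return next((arch for marker, arch in MACHINE_MARKERS.items() if marker in preview), None)


def check_record(record):
    """Run the consistency checks; returns (and stores) the findings, empty = clean."""
    f = []
    for name, length in HASH_LENGTHS.items():
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, record.get(name)):
            f.append(f"{name}: malformed digest {record.get(name)!r}")
    try:
        entropy = float(record.get("Entropy (8bit)"))
    except ValueError:
        entropy = None
        f.append("entropy missing or unparsable")
    if entropy is not None and entropy >= HIGH_ENTROPY and record.get("Encrypted") == "false":
        f.append(f"entropy {entropy:.2f} with Encrypted:false; check for packing")
    ftype, preview = record.get("File Type"), record.get("Preview")
    if "PE32" in ftype and not preview.startswith("MZ"):
        f.append("File Type says PE but preview has no MZ header")
    arch = machine_from_preview(preview)
    if arch == "i386" and "80386" not in ftype:
        f.append("preview Machine=0x014C (i386) disagrees with File Type")
    if arch == "x64" and "x86-64" not in ftype:
        f.append("preview Machine=0x8664 (x64) disagrees with File Type")
    if detection_percent(record) == 0 and record.get("Malicious") == "false":
        f.append("0% AV detection on a dropped PE: pivot on SHA-256 before trusting it")
    record.findings = f
    return f


# Record 1 is copied from the listing (preview shortened to its PE signature);
# record 2 is constructed so that every check above fires.
SAMPLE = (
    "Process:C:\\Users\\user\\Desktop\\DHzscd9uqT.exe\n"
    "File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows\n"
    "Category:dropped\nSize (bytes):158784\nEntropy (8bit):6.816453355323999\nEncrypted:false\n"
    "MD5:73A76EC257BD5574D9DB43DF2A3BB27F\n"
    "SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368\n"
    "SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F\n"
    "SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1"
    "A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518\n"
    "Malicious:false\nAntivirus:\n• Antivirus: ReversingLabs, Detection: 0%\n"
    "Preview:MZ......................@.........!..L.!This program cannot be run in DOS mode"
    "....$....Rich............PE..L....PjW...........!\n"
    "Process:C:\\Users\\user\\Desktop\\DHzscd9uqT.exe\n"
    "File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows\n"
    "Entropy (8bit):7.41\nEncrypted:false\nMD5:NOTAHASH\n"
    "SHA1:" + "0" * 40 + "\n"
    "SHA-256:" + "0" * 64 + "\n"
    "SHA-512:" + "0" * 128 + "\n"
    "Malicious:false\nAntivirus:\n• Antivirus: ReversingLabs, Detection: 0%\n"
    "Preview:MZ..........PE..d....\n"
)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.get("SHA-256"), "entropy", rec.get("Entropy (8bit)"))
        for finding in check_record(rec):
            print("  -", finding)
```

Feed it the whole dropped-files section of a report and the findings list gives a short queue of what to look at by hand: malformed or missing digests usually mean a truncated export, an entropy mismatch points at a packed payload the static scanner passed over, and a Machine mismatch means the preview and the file type were taken from different files. The 0%-detection rule fires on every record here by design; a clean vendor verdict on a freshly dropped PE is a reason to look up the hash, not a reason to stop.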
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):30784
Entropy (8bit):6.609051738644882
Encrypted:false
SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
MD5:7BD914407C6D236B27865A8C63147B7F
SHA1:9B49E48705341D30E3F92B85652E924C7985E415
SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):27712
Entropy (8bit):6.6264206752006825
Encrypted:false
SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
MD5:6280201C1918EA3293919BB282D2B563
SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):178240
Entropy (8bit):6.793245389378621
Encrypted:false
SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
MD5:BF299F73480AF97A750492E043D1FADD
SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15936
Entropy (8bit):6.474237923131844
Encrypted:false
SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
MD5:9A4CF09834F086568DF469E3F670BF07
SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15936
Entropy (8bit):6.477340414037824
Encrypted:false
SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
MD5:4DE6BFE6EA98BC42A5358ED8307107B2
SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15936
Entropy (8bit):6.477747126356611
Encrypted:false
SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
MD5:CA17B8CBD623477C5D1D334B79890225
SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):15936
Entropy (8bit):6.476844183458217
Encrypted:false
SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
MD5:B4AD335E868693F009B7644E2ED555C1
SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 185920
Entropy (8bit): 6.517453559791758
Encrypted: false
SSDEEP: 3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
MD5: D4246AF96E1FFA5E63C55E6F0A63ED82
SHA1: 30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
SHA-256: 84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
SHA-512: 92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 33344
Entropy (8bit): 6.5580840927675945
Encrypted: false
SSDEEP: 768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
MD5: EFF31A13A4A5D3E9A5BD36E7349D028B
SHA1: 8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
SHA-256: 307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
SHA-512: 72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 574528
Entropy (8bit): 6.508068830472597
Encrypted: false
SSDEEP: 12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
MD5: 5E1B7D0ACCB4275DEAB6312AA246CB3E
SHA1: 488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
SHA-256: 9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
SHA-512: 5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 455328
Entropy (8bit): 6.698367093574994
Encrypted: false
SSDEEP: 12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
MD5: FD5CABBE52272BD76007B68186EBAF00
SHA1: EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
SHA-256: 87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
SHA-512: 1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 773968
Entropy (8bit): 6.901569696995594
Encrypted: false
SSDEEP: 12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
MD5: BF38660A9125935658CFA3E53FDC7D65
SHA1: 0B51FB415EC89848F339F8989D323BEA722BFD70
SHA-256: 60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
SHA-512: 25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 970912
Entropy (8bit): 6.9649735952029515
Encrypted: false
SSDEEP: 12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
MD5: 034CCADC1C073E4216E9466B720F9849
SHA1: F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
SHA-256: 86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
SHA-512: 5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 79936
Entropy (8bit): 6.675027571633986
Encrypted: false
SSDEEP: 1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
MD5: 691B937A898271EE2CFFAB20518B310B
SHA1: ABEDFCD32C3022326BC593AB392DEA433FCF667C
SHA-256: 2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
SHA-512: 1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):51264
                                                                                                                                                                                                            Entropy (8bit):6.565433654691718
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                                                                                                                                                                                            MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                                                                                                                                                                                            SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                                                                                                                                                                                            SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                                                                                                                                                                                            SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J!...@..@..@...@..@...u..@...B..@..@..@..8M..@...t..@...E..@...D..@...C..@.Rich.@.........PE..L...pPjW...........!.....V...Z......9_.......p.....o................................X.....@..............................+..L|..........................@.......t....r...............................{..@............p...............................text...TT.......V.................. ..`.rdata...F...p...H...Z..............@..@.data...(...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17472
                                                                                                                                                                                                            Entropy (8bit):6.403594687791098
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                                                                                                                                                                                            MD5:94CAADA66F6316A9415A025C68388A18
                                                                                                                                                                                                            SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                                                                                                                                                                                            SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                                                                                                                                                                                            SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w....@..w..O9K..w....O..w...w...w....M..w....x..w....y..w....H..w....I..w....N..w..Rich.w..........PE..L...qPjW...........!................)........0.....o.........................p......w.....@..........................7.._....3..<....P...............,..@....`.......0...............................2..@............0...............................text...>........................... ..`.rdata..O....0......................@..@.data...X....@......."..............@....rsrc........P.......$..............@..@.reloc.......`.......(..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16448
                                                                                                                                                                                                            Entropy (8bit):6.380289288441742
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                                                                                                                                                                                            MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                                                                                                                                                                                            SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                                                                                                                                                                                            SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                                                                                                                                                                                            SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................z........ ....@..........................`......1.....@..................................#..P....@..H............(..@....P....... ..............................h"..@............ ...............................text............................... ..`.rdata..*.... ......................@..@.data........0......................@....rsrc...H....@......................@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15936
                                                                                                                                                                                                            Entropy (8bit):6.4779230305378315
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                                                                                                                                                                                            MD5:E9AA62B1696145A08D223E7190785E25
                                                                                                                                                                                                            SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                                                                                                                                                                                            SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                                                                                                                                                                                            SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`.......#....@.................................D#..P....@..T............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...T....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):773968
                                                                                                                                                                                                            Entropy (8bit):6.901569696995594
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                            MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                            SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                            SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                            SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L..."._M.........."!.........................0.....x................................u.....@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):172096
                                                                                                                                                                                                            Entropy (8bit):6.3747906238754855
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                                                                                                                                                                                            MD5:FB658E2F5E185FE5762B169A388BA0BD
                                                                                                                                                                                                            SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                                                                                                                                                                                            SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                                                                                                                                                                                            SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-n.C=.C=.C=...=..C=a..=..C=...=..C=...=..C=.B=..C=...=..C=...=.C=...=.C=...=.C=...=.C=...=.C=Rich.C=........................PE..L...rPjW...........!.....J...@.......-.......`.....o......................................@.............................A............ ...h..............@.......h....c..................................@............`..H............................text....H.......J.................. ..`.rdata..!....`.......N..............@..@.data...X!..........................@....rsrc....h... ...j..................@..@.reloc...".......$...d..............@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15936
                                                                                                                                                                                                            Entropy (8bit):6.477211573452372
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                                                                                                                                                                                            MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                                                                                                                                                                                            SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                                                                                                                                                                                            SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                                                                                                                                                                                            SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................|........ ....@..........................`...........@.................................D#..P....@..h............&..@....P....... ...............................!..@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...h....@......................@..@.reloc.......P.......$..............@..B........................................................................................................................................................................................................................................................................................................................................
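The dropped-file entries above each carry three derived fields: a file(1)-style File Type string taken from the PE headers (PE32, DLL or not, GUI or console subsystem, machine), an 8-bit Entropy value, and an Encrypted flag. The Python script below is an added illustration of how those fields are computed from raw bytes; it is not part of the Joe Sandbox report or its tooling. It walks the DOS and COFF headers, reads the optional-header magic and subsystem, computes Shannon entropy in bits per byte, and applies a packed/encrypted heuristic. The sample images it parses are constructed inline (minimal headers, no sections), and the 7.2-bit cutoff is an assumption of the example, not the sandbox's own rule.

```python
import math
import struct

# COFF Characteristics bits and header constants from the PE/COFF specification.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}
SUBSYSTEMS = {2: "GUI", 3: "console"}
# Assumed heuristic for an Encrypted/packed verdict; the sandbox's real cutoff is not documented here.
PACKED_ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), as on the Entropy lines."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def looks_packed(data: bytes) -> bool:
    """True when the whole file is near-random, the usual packed/encrypted signal."""
    return shannon_entropy(data) >= PACKED_ENTROPY_THRESHOLD


def describe_pe(data: bytes) -> str:
    """Classify a PE image into a string shaped like the File Type lines above."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    machine, _nsect, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        raise ValueError("image is not linked as executable")
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic)
    if fmt is None or opt_size < 70:
        raise ValueError("unsupported or truncated optional header")
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    kind = "(DLL) " if chars & IMAGE_FILE_DLL else ""
    subsys = f"({SUBSYSTEMS[subsystem]})" if subsystem in SUBSYSTEMS else f"(subsystem {subsystem})"
    machine_name = MACHINES.get(machine, f"machine 0x{machine:04x}")
    return f"{fmt} executable {kind}{subsys} {machine_name}, for MS Windows"


def build_sample_image(dll: bool, subsystem: int) -> bytes:
    """Constructed minimal PE32 header with no sections; exists only to exercise the parser."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew: PE signature lives at 0x80
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    if dll:
        chars |= IMAGE_FILE_DLL
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 0, 0, 0, 0xE0, chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes) -> dict:
    """The three report fields for one dropped file."""
    return {
        "file_type": describe_pe(data),
        "entropy": round(shannon_entropy(data), 6),
        "encrypted": looks_packed(data),
    }


if __name__ == "__main__":
    for sample in (build_sample_image(True, 2), build_sample_image(False, 3)):
        print(triage(sample))
```

The constructed samples are mostly zero bytes, so their entropy is far below the 6.4 to 6.9 bits that the real dropped DLLs and console executables above report; those values are typical of plain compiled code with data and resource sections and are consistent with the Encrypted:false lines. Checking the MZ/PE headers rather than trusting the extension is also the check behind the "Drops files with a non-matching file extension" signature in the report header.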
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 52800
Entropy (8bit): 6.433054716020523
Encrypted: false
SSDEEP: 1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
MD5: 6D05EAD2F6B95C4AFFCFB1B27DC0C188
SHA1: 0D04A67505D006493F252985AC294B534D271EF2
SHA-256: 6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
SHA-512: DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 116288
Entropy (8bit): 5.7845827860105885
Encrypted: false
SSDEEP: 3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
MD5: 5AADADF700C7771F208DDA7CE60DE120
SHA1: E9CF7E7D1790DC63A58106C416944FD6717363A5
SHA-256: 89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
SHA-512: 624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 86592
Entropy (8bit): 6.686302444148156
Encrypted: false
SSDEEP: 1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
MD5: 5E6DDF7CF25FD493B8A1A769EF4C78F7
SHA1: 42748051176B776467A31885BB2889C33B780F2D
SHA-256: B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
SHA-512: C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 14912
Entropy (8bit): 6.381906222478272
Encrypted: false
SSDEEP: 192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
MD5: 3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
SHA1: 25C395ADE02199BEDCEE95C65E088B758CD84435
SHA-256: 367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
SHA-512: 4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 15936
Entropy (8bit): 6.466364086630595
Encrypted: false
SSDEEP: 384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
MD5: 12B6E1C3205A8B17AC20E00A889DFC43
SHA1: 42458CFA7135858ACEF10803B87A208FA7E66413
SHA-256: EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
SHA-512: 174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 15936
Entropy (8bit): 6.475930674615241
Encrypted: false
SSDEEP: 384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
MD5: 31C0CED43A07A2DFF3AFC557EBABBE0F
SHA1: 9100A7393B919EB35C79CE16A559D783219E2F20
SHA-256: B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
SHA-512: 716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (console) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 15936
Entropy (8bit): 6.475447140204412
Encrypted: false
SSDEEP: 384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
MD5: 43C1D1D0E248604CB3B643C0BDF4EC9A
SHA1: 7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
SHA-256: 165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
SHA-512: CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
Malicious: false
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 177216
Entropy (8bit): 6.909590121652277
Encrypted: false
SSDEEP: 3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
MD5: 8DC2356E3FF3A595AEDE81594A2D259A
SHA1: A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
SHA-256: B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
SHA-512: D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
Malicious: false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................8h....z.l.....8j.....8_......_......g.......h....8^......8o.....8n.....8i....Rich...........................PE..L...pPjW...........!...............................o......................................@.........................`...........P.......................@...........`...................................@...............D...|...@....................text............................... ..`.rdata..]...........................@..@.data....1..........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):473152
                                                                                                                                                                                                            Entropy (8bit):5.475991416072106
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                                                                                                                                                                                            MD5:79CFE207E05F771E29847573593F6DE1
                                                                                                                                                                                                            SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                                                                                                                                                                                            SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                                                                                                                                                                                            SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@.....@..@..@..4@..@.u2@..@.u.@..@../@..@..?@..@..@:.@k..@..@.u.@\.@.u7@..@.u6@..@.u1@..@Rich..@........PE..L...pPjW...........!.....^..........r .......p.....o.........................p............@.........................@D.......+...........s........... ..@.... ..H6...t..................................@............p.......).......................text...\\.......^.................. ..`.rdata.......p.......b..............@..@.data....I...P...*...8..............@....rsrc....s.......t...b..............@..@.reloc...H... ...J..................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):52800
                                                                                                                                                                                                            Entropy (8bit):6.367562931371078
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                                                                                                                                                                                            MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                                                                                                                                                                                            SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                                                                                                                                                                                            SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                                                                                                                                                                                            SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Hi.m...>...>...>..u>...>.Fq>...>..w>...>..C>...>.pj>...>.pz>...>...>...>c~B>...>..B>...>..s>...>..t>...>Rich...>........PE..L....HjW.................f...R.......i............@.................................._....@.....................................x.......................@.......X...@...............................P...@...................`........................text....e.......f.................. ..`.rdata...5.......6...j..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):123968
                                                                                                                                                                                                            Entropy (8bit):6.699694377005066
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                                                                                                                                                                                            MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                                                                                                                                                                                            SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                                                                                                                                                                                            SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                                                                                                                                                                                            SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y..@=..=..=..4.1.?....:.<..&G>.>..=.....&G<.:..&G..>..&G.....&G9.<..&G8.<..&G?.<..Rich=..................PE..L...qPjW...........!.........................0.....p......................................@.........................p...:...\...<.......................@............0..................................@............0...............................text............................... ..`.rdata.......0......................@..@.data...............................@....rsrc...............................@..@.reloc..>...........................@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25664
                                                                                                                                                                                                            Entropy (8bit):6.488681310308951
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                                                                                                                                                                                            MD5:039AD8A7A4B14C321F156878838A2340
                                                                                                                                                                                                            SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                                                                                                                                                                                            SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                                                                                                                                                                                            SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O.............................;......V...............:..........................Rich....................PE..L...rPjW...........!.....(..."......h2.......@.....p.................................3....@.........................`O.......G..d....p...............L..@...........PA..............................8D..@............@..4............................text....&.......(.................. ..`.rdata..8....@.......,..............@..@.data...`....`.......B..............@....rsrc........p.......D..............@..@.reloc..^............H..............@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):195136
                                                                                                                                                                                                            Entropy (8bit):6.80727029211823
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                                                                                                                                                                                            MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                                                                                                                                                                                            SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                                                                                                                                                                                            SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                                                                                                                                                                                            SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`.zS$...$...$...-..&...?>..'...?>..!...$.......?>.. ...?>......?>..%...?>..%...?>..%...Rich$...................PE..L...pPjW...........!.....f...........p.............p......................... .......]....@.............................f...\...P.......................@...............................................@............................................text....e.......f.................. ..`.rdata..v[.......\...j..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16448
                                                                                                                                                                                                            Entropy (8bit):6.392776971200692
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                                                                                                                                                                                            MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                                                                                                                                                                                            SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                                                                                                                                                                                            SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                                                                                                                                                                                            SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........R%^.<v^.<v^.<vW..v\.<vEx.v_.<vEx.v\.<vEx.v[.<v^.=vo.<vEx.vJ.<vEx.v_.<vEx.v_.<vRich^.<v........PE..L....DjW............................z........ ....@..........................`......n.....@..................................#..P....@..\............(..@....P....... ..............................."..@............ ...............................text............................... ..`.rdata..J.... ......................@..@.data........0......................@....rsrc...\....@......................@..@.reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65600
                                                                                                                                                                                                            Entropy (8bit):6.461111208462538
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                                                                                                                                                                                            MD5:806580640A68234A711D3BB0642130A7
                                                                                                                                                                                                            SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                                                                                                                                                                                            SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                                                                                                                                                                                            SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D.H%..H%..H%..A]).J%...k".I%..S.$.L%..S...D%..S.&.O%..H%..w%..S...A%..S.!.I%..S. .I%..S.'.I%..RichH%..........PE..L...pPjW...........!.........L.....................p......................... .......<....@.........................`...........d.......................@...........................................P...@............................................text............................... ..`.rdata..q-..........................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................
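The dropped-file entries above all carry the same triage fields: a libmagic-style File Type built from the PE header, the byte count, 8-bit entropy, an Encrypted verdict, and the four hashes. The script below, added here as an example and not Joe Sandbox's own code, recomputes every one of those fields from raw bytes so an analyst can verify a retrieved sample against the listing before pivoting on it (a SHA-256 mismatch means you are not looking at the file the report describes). It parses the DOS stub, COFF header, optional header and section table directly with `struct`, classifies DLL/EXE and GUI/console from the Characteristics and Subsystem fields, and converts the COFF TimeDateStamp to UTC. The `ENCRYPTED_THRESHOLD` of 7.2 bits/byte is an assumption, not the sandbox's documented rule (it is consistent with the 6.9-entropy DLL above being marked `Encrypted:false`). `build_sample_pe` constructs a minimal PE32 image for offline testing; it reuses the timestamp bytes `pPjW` (0x576A5070) that follow `PE..L...` in several of the previews, so the compile-time conversion can be checked against a value that is actually on the page.

```python
"""Recompute the per-file triage fields a sandbox report lists for dropped files.

Added example; not Joe Sandbox code. The entropy threshold for the
'Encrypted' flag is an assumption, not the sandbox's documented rule.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics bit: image is a DLL
SUBSYSTEMS = {2: "GUI", 3: "console"}
MACHINES = {0x14C: "Intel 80386", 0x8664: "x86-64"}
ENCRYPTED_THRESHOLD = 7.2        # assumption: above this we call the file packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF and optional headers; raise ValueError if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                     # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset for PE32 and PE32+
    sections = []
    for i in range(nsections):              # section table: 40-byte entries, 8-byte names
        off = opt + opt_size + 40 * i
        sections.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "bits": "PE32" if magic == 0x10B else "PE32+",
        "dll": bool(chars & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}"),
        "machine": MACHINES.get(machine, f"machine 0x{machine:X}"),
        "timestamp": timestamp,
        "sections": sections,
    }


def file_type(data: bytes) -> str:
    """Render the header facts in the same style as the report's File Type field."""
    try:
        pe = parse_pe(data)
    except (ValueError, struct.error):
        return "data"
    dll = " (DLL)" if pe["dll"] else ""
    return f'{pe["bits"]} executable{dll} ({pe["subsystem"]}) {pe["machine"]}, for MS Windows'


def describe(data: bytes) -> dict:
    """The fields the report shows per dropped file, recomputed from the bytes."""
    ent = shannon_entropy(data)
    info = {
        "File Type": file_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": ent,
        "Encrypted": ent > ENCRYPTED_THRESHOLD,
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }
    try:
        ts = parse_pe(data)["timestamp"]
        info["Compile time (UTC)"] = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    except (ValueError, struct.error):
        pass
    return info


def build_sample_pe(dll: bool, subsystem: int, body: bytes) -> bytes:
    """Constructed minimal PE32 image for offline testing (not a dropped file from the report)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)             # e_lfanew -> PE header at 0x80
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)     # EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x576A5070, 0, 0, 0xE0, chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<H", opt, 68, subsystem)
    sections = b".text".ljust(8, b"\0") + bytes(32) + b".rdata".ljust(8, b"\0") + bytes(32)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections + body


if __name__ == "__main__":
    sample = build_sample_pe(dll=True, subsystem=2, body=bytes(range(256)) * 4)
    for k, v in describe(sample).items():
        print(f"{k}:{v}")
```

Run `describe(open(path, "rb").read())` on a file pulled from the sandbox and compare its SHA-256 line to the entry above before doing anything else with it. Entropy is a hint, not a verdict: the constructed sample has a perfectly uniform body and still scores well under 8 because the header is mostly zero bytes, which is exactly why none of the 6.0-6.9 DLLs above trip the Encrypted flag even though real packers routinely do.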
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):159296
                                                                                                                                                                                                            Entropy (8bit):6.019927381236816
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                                                                                                                                                                                            MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                                                                                                                                                                                            SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                                                                                                                                                                                            SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                                                                                                                                                                                            SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ar.:%..i%..i%..i,kKi'..i.]@i&..i>.Di&..i%..in..i>.Fi ..i>.ri8..i>.si,..i>.Bi$..i>.Ei$..iRich%..i........PE..L....DjW..........................................@..................................c....@..................................p..<....................V..@........... ...............................@6..@............q...............................text............................... ..`.rdata.............................@..@.data........P.......(..............@....idata..D....p.......8..............@....rsrc................B..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):39488
                                                                                                                                                                                                            Entropy (8bit):6.751057397220933
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                                                                                                                                                                                            MD5:DE2167A880207BBF7464BCD1F8BC8657
                                                                                                                                                                                                            SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                                                                                                                                                                                            SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                                                                                                                                                                                            SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.d....]...]...]...]...].H.]...].H.]...].H.]...]...]_..].H.]...].H.]...].H.]...].H.]...]Rich...]........................PE..L...pPjW...........!.....N...4.......W.......`.....p................................*k....@.................................<x..P.......................@...........Pa...............................v..@............`..<............................text....L.......N.................. ..`.rdata..e!...`..."...R..............@..@.data...(............t..............@....rsrc................v..............@..@.reloc...............z..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21568
                                                                                                                                                                                                            Entropy (8bit):6.4868701533420925
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                                                                                                                                                                                            MD5:7C2959F705B5493A9701FFD9119C5EFD
                                                                                                                                                                                                            SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                                                                                                                                                                                            SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                                                                                                                                                                                            SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..3..`..`..`.E.`..`.E.`..`.E `..`...`..`..`2.`.E!`..`.E.`..`.E.`..`.E.`..`Rich..`........................PE..L...pPjW...........!.........".......#.......0.....p.................................h....@.........................@B.......<..x....`...............<..@....p.......0...............................;..@............0...............................text............................... ..`.rdata..6....0......................@..@.data........P.......2..............@....rsrc........`.......4..............@..@.reloc..&....p.......8..............@..B................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):163904
                                                                                                                                                                                                            Entropy (8bit):6.508553433039132
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                                                                                                                                                                                            MD5:A63387A1BFDF760575B04B7BFD57FF89
                                                                                                                                                                                                            SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                                                                                                                                                                                            SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                                                                                                                                                                                            SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...T.^.T.^.T.^..)^.T.^../^.T.^...^&T.^.".^.T.^.,2^.T.^.,"^.T.^.T.^MT.^...^.T.^..*^.T.^..+^.T.^..,^.T.^Rich.T.^................PE..L...rPjW...........!...............................p......................................@.................................D........p..P............h..@.......d...................................P...@.......................@....................text............................... ..`.rdata...d.......f..................@..@.data...`@... ..."..................@....rsrc...P....p.......(..............@..@.reloc..~/.......0...8..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):69696
                                                                                                                                                                                                            Entropy (8bit):6.89860109289213
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                                                                                                                                                                                            MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                                                                                                                                                                                            SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                                                                                                                                                                                            SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                                                                                                                                                                                            SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H....................2.................4.....................5.............................Rich............PE..L...pPjW...........!.........h.....................p.........................0......V.....@.................................L...d.......................@.... ..X...0...................................@............................................text............................... ..`.rdata..wV.......X..................@..@.data...............................@....rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):155
                                                                                                                                                                                                            Entropy (8bit):4.618267268558291
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                                                                                                                                            MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                                                                                                                                            SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                                                                                                                                            SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                                                                                                                                            SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1438
                                                                                                                                                                                                            Entropy (8bit):5.214662998532387
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                                                                                                                                                                                            MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                                                                                                                                                                                            SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                                                                                                                                                                                            SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                                                                                                                                                                                            SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3091908
                                                                                                                                                                                                            Entropy (8bit):6.633254981822853
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                                                                                                                                                                                            MD5:0B3923ABB0D48FDAE7A2306717967B39
                                                                                                                                                                                                            SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
Malicious:false
Preview:PK........s..H................META-INF/....PK........s..H<:S1D...D.......META-INF/MANIFEST.MFManifest-Version: 1.0..Created-By: 1.7.0_07 (Oracle Corporation)....PK...........HUi..............sun/nio/cs/ext/Big5.class.......4."..........t....t............................................................................................................................................................................................................................................................................................................................................................................~.........b2cSBStr...Ljava/lang/String;...ConstantValue...b2cStr...[Ljava/lang/String;...b2c...[[C...b2cSB...[C...b2cInitialized...Z...c2b...c2bIndex...c2bInitialized...<init>...()V...Code...LineNumberTable...historicalName...()Ljava/lang/String;...contains...(Ljava/nio/charset/Charset;)Z...StackMapTable...newDecoder..#()Ljava/nio/charset/CharsetDecoder;...newEncoder..#()Ljava/nio/charset/Ch
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):84355
Entropy (8bit):4.927199323446014
Encrypted:false
SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
MD5:7FC71A62D85CCF12996680A4080AA44E
SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
Malicious:false
Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
Category:dropped
Size (bytes):51236
Entropy (8bit):7.226972359973779
Encrypted:false
SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
MD5:10F23396E21454E6BDFB0DB2D124DB85
SHA1:B7779924C70554647B87C2A86159CA7781E929F8
SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
Malicious:false
Preview:...$KCMS....spacXYZ XYZ .........2..acspSUNW....KODA.ODA............................................................................A2B0.......4B2A0.......4cprt.......Gwtpt...T....desc...h....K070........K071........mft2................................................................................................................ !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~.................................................................................................................................................................................................................................................................................................................................. !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmm
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
Category:dropped
Size (bytes):632
Entropy (8bit):3.7843698642539243
Encrypted:false
SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
MD5:1002F18FC4916F83E0FC7E33DCC1FA09
SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
Malicious:false
Preview:...xKCMS....mntrGRAYXYZ ._..........acspSUNW....KODAGRAY.......................+....................................................cprt.......?desc........dmnd.......`wtpt........kTRC........dmdd.......dtext....COPYRIGHT (c) 1997 Eastman Kodak, All rights reserved...desc.......'KODAK Grayscale Conversion - Gamma 1.0..................@...............~.......................~.......~..............desc........KODAK..................@..................................................,...,....XYZ ...............+curv............desc........Grayscale..................@..................................................,...,....
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
Category:dropped
Size (bytes):1044
Entropy (8bit):6.510788634170065
Encrypted:false
SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
MD5:A387B65159C9887265BABDEF9CA8DAE5
SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
Malicious:false
Preview:....KCMS....mntrRGB XYZ ............acsp........KODK...........................,KODK................................................cprt.......Hdesc...8....rXYZ........gXYZ........bXYZ........rTRC........gTRC........bTRC........wtpt........text....Copyright (c) Eastman Kodak Company, 1998, all rights reserved..desc........linear sRGB............l.i.n.e.a.r. .s.R.G.B.....linear sRGB........................................................XYZ ......m...6.....XYZ ......e........!XYZ ......#B...^...Kcurv........................................................................ !!""##$$%%&&''(())**++,,--..//00112233445566778899::;;<<==>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ[[\\]]^^__``aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..........................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
Category:dropped
Size (bytes):274474
Entropy (8bit):7.843290819622709
Encrypted:false
SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
MD5:24B9DEE2469F9CC8EC39D5BDB3901500
SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
Malicious:false
Preview:..0*KCMS....spac3CLRLab .........2..acspSUNW....KODAnone............................................................................A2B0... ...4B2A0...T..f4cprt..-....Gdmnd..-....ndmdd...@...zwtpt........desc.......nK013../@....K019../L....K030../.....K031..0.....K070..0.....K071..0 ....mft2.....................................................K.S.8.....l.....0...3.........U.. .!h".$.%\&.'.)5*y+.,..5/o0.1.3.4E5v6.7.8.:*;S<z=.>.?.A.B,CLDkE.F.G.H.I.K.L!M7NLO`PsQ.R.S.T.U.V.W.X.Y.[.\.].^._%`,a2b8c=dAeEfHgJhLiMjMkMlLmKnIoFpCq@r;s7t1u,v%w.x.y.z.z.{.|.}.~...............p.b.S.C.3.#..............~.j.U.@.+.............t.\.C.*...........r.W.;...........p.R.3..........w.V.6.........l.J.'........v.R.-.......t.N.(.......f.?........v.N.%........U.+.......U.*......z.N."......n.@.......Z.+......o.@.........P. .......\.+.......d.1...........................z.p.f.[.Q.G.=.3.). ........................ .!.".#.$.%.&{'s(k)d*]+U,N-G.@/9021,2%3.4.5.6.7.8.8.9.:.;.<.=.>.?.@.A.B.C.D.E.F.
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
Category:dropped
Size (bytes):3144
Entropy (8bit):7.026867070945169
Encrypted:false
SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
Malicious:false
Preview:...HLino....mntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP ................................................cprt...P...3desc.......lwtpt........bkpt........rXYZ........gXYZ...,....bXYZ...@....dmnd...T...pdmdd........vued...L....view.......$lumi........meas.......$tech...0....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1............sRGB IEC61966-2.1..................................................XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........desc........IEC http://www.iec.ch............IEC http://www.iec.ch..............................................desc........IEC 61966-2.1 Default RGB colour space - sRGB............IEC 61966-2.1 Default RGB colour space - sRGB......................desc.......,Reference Viewing Condition in IEC61966-2.1...........,Reference Viewing Condition in IEC61966-2.1..........................view.........._.....
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):5824
Entropy (8bit):5.074440246603207
Encrypted:false
SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
MD5:95AE170D90764B3F5E68C72E8C518DDC
SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
Malicious:false
Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:data
Category:dropped
Size (bytes):4122
Entropy (8bit):3.2585384283455134
Encrypted:false
SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
MD5:F6258230B51220609A60AA6BA70D68F3
SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
Malicious:false
Preview:CurD..........................@C..,M...................... K...C..PF..4@...........R...........C......TF...........M..DL...C.......S..........<M...c...................C...C...A..........hK...C...M.......... O......8...PC...C..........@E...............E..............`.......pX...O...........B...C.......O...D..............,J..........................................@J..............XO..........................................0C...........................O...........................................M.......A...............................................................C...O...................................................................O..........TK...........R...O..............8C...........................P.................. C..............................................`C..........PK...............J......0F..pE...................................Q...............................R.......Q...........c...Q...................................................................................C
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2282861
                                                                                                                                                                                                            Entropy (8bit):7.951223313727943
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                                                                                                                                                                                            MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                                                                                                                                                                                            SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                                                                                                                                                                                            SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                                                                                                                                                                                            SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14156
                                                                                                                                                                                                            Entropy (8bit):5.649187440261259
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                                                                                                                                                                                            MD5:91052ADB799AEF68EA76931997C40CE4
                                                                                                                                                                                                            SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                                                                                                                                                                                            SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                                                                                                                                                                                            SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2917
                                                                                                                                                                                                            Entropy (8bit):4.838706790124659
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                                                                                                                                                                                                            MD5:2EB9117D147BAA0578E4000DA9B29E12
                                                                                                                                                                                                            SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                                                                                                                                                                                                            SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                                                                                                                                                                                                            SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3338
                                                                                                                                                                                                            Entropy (8bit):4.919780187496773
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                                                                                                                                                                                                            MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                                                                                                                                                                                                            SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                                                                                                                                                                                                            SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                                                                                                                                                                                                            SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3632
                                                                                                                                                                                                            Entropy (8bit):4.776451902180833
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                                                                                                                                                                                                            MD5:72BDAE07C5D619E5849A97ACC6A1090F
                                                                                                                                                                                                            SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                                                                                                                                                                                                            SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                                                                                                                                                                                                            SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3441
                                                                                                                                                                                                            Entropy (8bit):4.832330268062187
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                                                                                                                                                                                                            MD5:FFE3CC16616314296C3262B0A0E093CD
                                                                                                                                                                                                            SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                                                                                                                                                                                                            SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                                                                                                                                                                                                            SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3255
                                                                                                                                                                                                            Entropy (8bit):4.7050139579578145
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                                                                                                                                                                                                            MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                                                                                                                                                                                                            SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                                                                                                                                                                                                            SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                                                                                                                                                                                                            SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):6381
                                                                                                                                                                                                            Entropy (8bit):4.5983590678211135
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                                                                                                                                                                                                            MD5:D830FC76BDD1975010ECE4C5369DADF8
                                                                                                                                                                                                            SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                                                                                                                                                                                                            SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                                                                                                                                                                                                            SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5744
                                                                                                                                                                                                            Entropy (8bit):4.781504394194986
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                                                                                                                                                                                                            MD5:64DE22212EE92F29BCA3ACED72737254
                                                                                                                                                                                                            SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                                                                                                                                                                                                            SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                                                                                                                                                                                                            SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3317
                                                                                                                                                                                                            Entropy (8bit):4.869662880084367
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                                                                                                                                                                                                            MD5:4078691AB22C4F0664856BE0C024A52F
                                                                                                                                                                                                            SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                                                                                                                                                                                                            SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                                                                                                                                                                                                            SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3441
                                                                                                                                                                                                            Entropy (8bit):4.927824210480987
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                                                                                                                                                                                                            MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                                                                                                                                                                                                            SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                                                                                                                                                                                                            SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                                                                                                                                                                                                            SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4104
                                                                                                                                                                                                            Entropy (8bit):5.04197285715923
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                                                                                                                                                                                                            MD5:823D1F655440C3912DD1F965A23363FC
                                                                                                                                                                                                            SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                                                                                                                                                                                                            SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                                                                                                                                                                                                            SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3784
                                                                                                                                                                                                            Entropy (8bit):5.17620120701776
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                                                                                            MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                                                                                            SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                                                                                            SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                                                                                            SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3784
                                                                                                                                                                                                            Entropy (8bit):5.17620120701776
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                                                                                            MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                                                                                            SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                                                                                            SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                                                                                            SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                            Category:dropped
Size (bytes):8590
Entropy (8bit):7.910688771816331
Encrypted:false
SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
MD5:249053609EAF5B17DDD42149FC24C469
SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:GIF image data, version 89a, 640 x 278
Category:dropped
Size (bytes):15276
Entropy (8bit):7.949850025334252
Encrypted:false
SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
MD5:CB81FED291361D1DD745202659857B1B
SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:GIF image data, version 89a, 320 x 139
Category:dropped
Size (bytes):7805
Entropy (8bit):7.877495465139721
Encrypted:false
SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
MD5:9E8F541E6CEBA93C12D272840CC555F8
SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:GIF image data, version 89a, 640 x 278
Category:dropped
Size (bytes):12250
Entropy (8bit):7.901446927123525
Encrypted:false
SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
MD5:3FE2013854A5BDAA488A6D7208D5DDD3
SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):187736
Entropy (8bit):7.79606817499301
Encrypted:false
SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
MD5:13794986CA59819F6AF7BD70022D7F8F
SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):187727
Entropy (8bit):7.7958934328326075
Encrypted:false
SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
MD5:82C16750374D5CCA5FDAA9434BAF8143
SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):3860522
Entropy (8bit):7.9670916513081735
Encrypted:false
SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
MD5:AE86774D28F1C8270A9BCBD12A9A1865
SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):8286
Entropy (8bit):7.790619326925194
Encrypted:false
SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):44516
Entropy (8bit):7.905075370162141
Encrypted:false
SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
MD5:1A33FF1FDD789E655D5E2E99E9E719BD
SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
Malicious:false
                                                                                                                                                                                                            Preview:PK........{..H................META-INF/......PK..............PK........{..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r.r..PK..<:S1C...D...PK...........H............Z...com/sun/java/accessibility/util/AccessibilityEventMonitor$AccessibilityEventListener.class.Wkp.........5..5..A6`l..C\j.A...eb)..)dm....J+..h...I.&&...L.4.3.$.aH.q.....M...i..m......KNf4.y..~.9g.>.....[p.:....n..p....(........#.D'".ta/.>.D7.|.s.!..f.o......#\w?o...;q..]x....B...~.....t..4>?.#N.1$Aw........;..#j.HJ0%..p...M.5...V[.. ...*......P...).qZ)......a-i...H2.EM..H.2l.H.eX_.>..(..J_..Lj.Z\3G...,...C|.....T..$,.q.OX...[.u..Qg..6..:...iz.q.-.*...:sD@9j.2[..w..I3a.r....cXM..m..}P..J.WU.d`o.nhD.3.=).)..o2..F*...8^k...f)t.........G...e|.....C*K."#.F...,.m.q..I8)....$..x^......e..?..c.D..8..e..7...U..8..dl...rc.s.7d..3...x.....E`.....n/.8.qY......i.~BQ..\.1.K2~.K...s.C.YN...@.Lh...i....PwwW.W...2.z....<%..F..+..xW.e...K.W0...3......J..)S.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):18192143
                                                                                                                                                                                                            Entropy (8bit):5.977388717447885
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                                                                                                                                                                                                            MD5:042B3675517D6A637B95014523B1FD7D
                                                                                                                                                                                                            SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                                                                                                                                                                                                            SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                                                                                                                                                                                                            SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1178848
                                                                                                                                                                                                            Entropy (8bit):7.964832897711047
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                                                                                                                                                                                                            MD5:24857AD811CEDA70BD0F087FD28B5B6E
                                                                                                                                                                                                            SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                                                                                                                                                                                                            SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                                                                                                                                                                                                            SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........u..H................META-INF/......PK..............PK........u..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r.r..PK..<:S1C...D...PK...........H............,...sun/text/resources/ar/CollationData_ar.classm..O.A...Y[("...E..Q.....z....M.1A.f....m.n.G|._.WP@.R^T.D._.......b.N.H.....<..!._....!...j...#bCD.U..*.1"6ED.#*[..xp....;.:"....Q..O.'..:....3..5.~.J.~2.8.a.......e/....S....A.#.c.l...<n.ljM%.^.O%.y.w.K.;jD.X...._......,.B'\.;'.K.{...x.G..cL...9^`..x.W..0F....!...P.8&0.)..[..+.e.T.\.+w."g.YW.E...]....[....c....}.(.b..m1n..<`..[,..-&m...C.....W....}..k>y..x.....X K.fY..1.1..L.z.;.K.....n}..4...f0..|6.}..0..X."..+=.........n...6.Y.............l.o..%..w.8Ks..gq......3t/8C.........~<..<.3<....%....0F...(r..1..\5s..UO..jf..L..f...........................!.!.!.!.!.!.a..............................n&..... ..3.76.....#....l.OD......G.../..J.W..*...k5.V..........?.V..6...F...t.....X...X.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1511
                                                                                                                                                                                                            Entropy (8bit):5.142622776492157
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                                                                                                                                            MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                                                                                                                                            SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                                                                                                                                            SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                                                                                                                                            SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptuserFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2018860
                                                                                                                                                                                                            Entropy (8bit):7.9328569913001905
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                                                                                                                                                                                                            MD5:F3E3E7769994C69DFF6E35EF938443CA
                                                                                                                                                                                                            SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                                                                                                                                                                                                            SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                                                                                                                                                                                                            SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........o..H................META-INF/......PK..............PK........o..H................META-INF/MANIFEST.MFm....0.E.&...:..q.0.....W.g(>Z.v..E4,...{o..>1&y...w.0JsV....<..A..M.bs.. ......F|.Y... .Bt.K9...N%.).s.D.qVC.......c?......'..B,k...&.......i?^0...o...PK..\K:x........PK........i..H............6...jdk/internal/dynalink/beans/AbstractJavaLinker$1.class.S.N.Q..N[.mY.".....T......7.%....A...t..n..m........k51.....2..H.51....o..|..9?~~;....9..J.Y.g...5......M%.4......z....=..v.OF"..7.#....-.e......nU...G^ K.a/.BF.....y.....*C.C.^..!.R.eH.....j....aK.M...3].....=..;'.;]j*..>C....#*.:..Z.(.N...JvEX.I.e..A..."j...C....t.C.q..:..>.J1}...z`..v...[.. .QTa..kXeX..'.1O.c..1...x..W..a.....3.Gl.VG8.C.tE5P...rN.&.v.....F.V.{.say.0^~m.....e....VW.B..x.h..u.i.K..F..j.[;;..Z.z.^f.8.q~.nR.n....Q.2..$.)B.$..|.;.....'.&. .j|@.E....FP#....A-..."...b.n.".H/c..Ho..s.I./.X..p...}..]F....SP.L.u."@..$o.9.b.'.!.;X~6..PK..]./.<...H...PK........i..H............K...jdk/internal
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):39771
                                                                                                                                                                                                            Entropy (8bit):7.92713480980539
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                                                                                                                                                                                                            MD5:A269905BBB9F7D02BAA24A756E7B09D7
                                                                                                                                                                                                            SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                                                                                                                                                                                                            SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                                                                                                                                                                                                            SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK.........r.F................META-INF/MANIFEST.MF..I..H....Q..C.f.X..*b......lz..$..dK6..7U....N.5...... .GT.......[.{a...8#(FI......%Ao==...U%%.QOIjL....'.o../..q.q.!....k..)}..4...@J..~\....@..z0._.*....L....=..z.=?)..%... n......HoY.>?........]....Nz..,..c./........6$.@....1.2.X...`:G.j.S..IP.-X...0..8jk...|.....YF.b..u.9...F\.j......y.*Q.'..2.i.S.D...z.j...a..a..L.o..+v. .!.h..8H...d..R.d1a...A.9........zC..Z_.p.`...).t. ...q.1.......\...RS."..11.C.Y..I...J.(.(x.m..N..('[..C.o....H..].<#.%....CZ....[....Y......g..=.2...........I....qm.-....(..BZF.r8=.C(F...I.."...$W....]...9..0b......]...5.M.....`"."k...k....T\....WZQ.>.8..KF..g[Y.c5.s...U..-c....!v..$.rG......1T....bb.s>..R.w....&8.*NX@o+...~,K..2..yI..._f^.l@..|.....U...^...#.P.u!.#..g@/d.<.../..:..V.[.6B.TG....>.D..R\.k....E.E.O4K..Z....f.,..f......hRW...) X......\M.#!)..H..b..f...w..R....w.=.........PC.#...K..|..d.S..Ms.]4q.....c..f......}.NF^.7d...|.*..^\n.l.D..V......
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):279427
                                                                                                                                                                                                            Entropy (8bit):7.90277234368113
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                                                                                                                                                                                                            MD5:B04074A9FC78DC1409168E1E2D139647
                                                                                                                                                                                                            SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                                                                                                                                                                                                            SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                                                                                                                                                                                                            SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........aZ.H................META-INF/MANIFEST.MF.|I..V..".?xP...p.#..7.G D.N.......~...)....ic.;..[.k.../3...5.5........O....x....6c4>...].u....h.~2.f,n.O|3.}.|<..._}..o........K..Z.=.$m....>...'....O?...G.>&..)no.......Z=...k..~...O.z....c.|(..9.=..|....q.vc....}..i.3.~.}x...~.?.+..._...}.......|..,.,..&`.s..=.....h...%.g.'~..i......p.;A..B..99{....E..k........)......^IW!.._....+..)....d._0...s......v..R.c.*]..0.C..Z}.....j..O%.I.....J.%..).Q..=..0.J.J...A......%T...$..h.#.N%N.e.ne...=DV.......+.....(..f...yn.P..-...f.ON..d=8-....B.^......S.+........$V`..uz....US..h.8.4^Y-;4.M.+i...dw.9.x..k.]...\u..j{<.....r.....y}.E.....X.~%....zF;.<....+-...X.I.I..]..N`.2.G....c~..J.r.o@..My.(.H,...b.e...5'e./...b;D~.%....};....J....1k5CrO..6....n.....>.t..0a.......,.J./;.q.y...w...J.t&s.2.sYk....1...5..._x.....Q..M.J...N.y3{....R..~.F..V......'z...{|..j5..../.;.NCGG\.....!M...Pfe/l..).zL..9.4....?..o.....}.F..M....~.L.q.] ..x.v..d.]G[...q$.E.o...r.(..
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32699
                                                                                                                                                                                                            Entropy (8bit):7.878192531974338
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                                                                                                                                                                                                            MD5:2249EAC4F859C7BC578AFD2F7B771249
                                                                                                                                                                                                            SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                                                                                                                                                                                                            SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                                                                                                                                                                                                            SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........)..H................META-INF/MANIFEST.MF....X.........ad2....@..%E..M.^.x.. O_dW.5Qi..8.....).aY=.!.Q....g..AM..&0....d.*./#..yM+......g.[.O..$....I?>X9..G......h.]...".y....do.O..2.Y.\^...}+....p2..u.]...V0}....&..a.C...-.....n.....M...M.F..,.....v@...>>|..["J...U7")..#b.oV.a...l.g..e.s..L.D..={.-gLEt.....!/... q....z.J...0.2e...=.....[]{..N...1....Z.....2...I.k...Sy..Qm...{....;.On..!.@..S.IZ..=......Lo.N4..|.j...!.l..G..}.Q....u....ADh.z.w.-..@%.@...!.".R.nHE.P]..J!..E.9Sw.LM7.&...[v..~.P...bp;.....:id.e..o.h..8.C....l...70..].gp..7.<.P.....Zj.....M......-.(@~...M^.....asJ.Y.1.e...(qW..h.c.Iu...-.A..?.5.Ex.S.oc6.).Qkr..+....|..._..H..!7..hs.r.;.z=.....*#.c....6...O+q.I.....|.4.V....Y.T.....4XO..4.>..1.$h..lu..l0..?...w.......o.u....6..)BG'..f......d.v...........<.i..Bj..d..L.....G.r@1.....0..d......'...........*.rK....5x..8.V..9(..Y.`'.k.N....3b.rx.p..c...M_j%..U.z.|Y.1\....d...-I.<g........-.h.*.F...me.F..p.c.o..
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):250826
                                                                                                                                                                                                            Entropy (8bit):7.951088517189604
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                                                                                                                                                                                                            MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                                                                                                                                                                                                            SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                                                                                                                                                                                                            SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                                                                                                                                                                                                            SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):68923
                                                                                                                                                                                                            Entropy (8bit):7.950933538093809
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                                                                                                                                                                                                            MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                                                                                                                                                                                                            SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                                                                                                                                                                                                            SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                                                                                                                                                                                                            SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4005
                                                                                                                                                                                                            Entropy (8bit):4.909684349537555
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                                                                                                                                                                                                            MD5:B0CE9F297D3FEC6325C0C784072908F1
                                                                                                                                                                                                            SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                                                                                                                                                                                                            SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                                                                                                                                                                                                            SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3670
                                                                                                                                                                                                            Entropy (8bit):4.40570512634857
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                                                                                                                                                                                                            MD5:E0E5428560288E685DBFFC0D2776D4A6
                                                                                                                                                                                                            SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                                                                                                                                                                                                            SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                                                                                                                                                                                                            SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10779
                                                                                                                                                                                                            Entropy (8bit):5.217016051711063
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                                                                                                                                                                                                            MD5:0C1DB7410938A3634BD9928BA2F284CB
                                                                                                                                                                                                            SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                                                                                                                                                                                                            SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                                                                                                                                                                                                            SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):75144
                                                                                                                                                                                                            Entropy (8bit):6.849420541001734
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                                                                                                                                            MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                                                                                                                                            SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                                                                                                                                            SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                                                                                                                                            SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):75124
                                                                                                                                                                                                            Entropy (8bit):6.805969666701276
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                                                                                                                                            MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                                                                                                                                            SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                                                                                                                                            SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                                                                                                                                            SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
Category:dropped
Size (bytes):80856
Entropy (8bit):6.821405620058844
Encrypted:false
SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
MD5:4D666869C97CDB9E1381A393FFE50A3A
SHA1:AA5C037865C563726ECD63D61CA26443589BE425
SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
Malicious:false
Preview:...........pLTSH...2..:L....OS/2p.|y.......Vcmap.U.z...T...jcvt F.;.........fpgm..1.........glyf.}.....@....hdmx?..p......1.head.A![.......6hhea.......P...$hmtx3..9...t... loca6..........maxp.......... name...p.......~postM..A...H....prep.......................).......).6...d. ............................B&H.... .3.D.\...... ................................................................................................ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a.bcdefghijklmnopqrstuvwxyz{|}~......................................................................................................P...T.@.....~.............&.. . . . . " & 0 : D t .!"!&"."."."."."."+"H"`"e%................3..... .............&.. . . . . & 0 9 D t .!"!&"."."."."."."+"H"`"d%................3.........W.......M...d...............1.....j.y........t.q._./.0.......v.t.r.p.g.T.....R..........................................................................................................

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
Category:dropped
Size (bytes):344908
Entropy (8bit):6.939775499317555
Encrypted:false
SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
MD5:630A6FA16C414F3DE6110E46717AAD53
SHA1:5D7ED564791C900A8786936930BA99385653139C
SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
Malicious:false
Preview:...........pLTSHN..U..=....~OS/2...S.......Vcmap..tO...T....cvt =|t>.......tfpgm..1....`....glyf.J.........Jhdmx]......D....head.WD...h...6hhea.j.........$hmtxW.6|........loca............maxp......4.... nameJO....4....rpost..g...8,..M.prep.].O.......T.............).......).....d. .............."....`........B&H..@. ...D.]...... ................................................................................................ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a.bcdefghijklmnopqrstuvwxyz{|}~......................................................................................................|...........~.............&.u.z.~.......................O.\.....................:.R.m.......... . . . . " & 0 : D t .!"!&!.".%....................3.b.r.t....... .............&.t.z.~.........................Q.^...................!.@.`.p........ . . . . & 0 9 D t .!"!&!.".%....................3.^.p.t.v.........W.......M......................................................

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
Category:dropped
Size (bytes):317896
Entropy (8bit):6.869598480468745
Encrypted:false
SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
MD5:5DD099908B722236AA0C0047C56E5AF2
SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
Malicious:false
Preview:...........pLTSH_R.a........OS/2...........Vcmapz.$L.......Zcvt ...y...8...hfpgm..1.........glyf......\....hdmx..0A.......hhead..&..:H...6hhea......:....$hmtx.,Z:..:.....loca.~'...T.....maxp......n.... name..=%..n....Kpost$.#...s$..[?prep......d...a..........................................)........2'............'........ ....................".".............0.%...............%...........)....................... ......0 ..............................) ) ) ) ...........................................2.2.2.2.).......................................................'"'"'"1....0.........................................................................................................'.....'...........)..,...&,....#............./&.....&.&.$.....$...$........'....... ....)...."...,.......+.....'....).,.....-)..)................... ..."..................,.........(.........,........................../..2.......+.........,.#) .....................+..).........0......+...............,.,.,......

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
Category:dropped
Size (bytes):698236
Entropy (8bit):6.892888039120645
Encrypted:false
SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
MD5:B75309B925371B38997DF1B25C1EA508
SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
Malicious:false
Preview:........... GDEF..|.......GPOS.......L...HGSUB.f.........LTSH...........uOS/2.#GQ...,...Vcmap..4........4cvt .y..........fpgm.!&.........glyf. ..........hdmx...M...(...\head..........6hhea...........$hmtx.S........-.loca'.c......-.maxp...Y....... nameW..r........post.&-.........prep.........................).......).....d. ...................{........B&H..@. ...D.]......`................................................................................................ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a.bcdefghijklmnopqrstuvwxyz{|}~..........................................................................................................".....".~...............E.u.z.~.......................O.\...............................:.R.m.............9.M.T.p.:.[.... . F p . . .!8!.!.".#.#.#!$i%.%.%.%.%.%.%.%$%,%4%<%l%.%.%.%.%.%.%.%.%.%.%.%.%.%.%.%.&.&.&.&.&<&@&B&`&c&f&k'.'.'''K'M'R'V'^'g'.'.'................ .3.....6.<.>.A.D.N.b.r.t......... .........P.......t.z.~

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
Category:dropped
Size (bytes):234068
Entropy (8bit):6.901545053424004
Encrypted:false
SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
Malicious:false
Preview:...........POS/2..........VcmapW......4....cvt .M/.........fpgm..1.........glyf|......@....head.c....L...6hhea...........$hmtx.e.........tloca..h..."....xmaxp......7.... name......7.....post1..%..;h..I.prep.......4... .............3.......3...1.f................+...x.........B&H.. . ...D.]......`................................................................................................ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a....................................................................................................................................x...........~...............u.z.~.......................O.\...............................:.R.m...........:.[.... . . . " & 0 3 : < > D . . . . .!.!.!.!"!&!.!^!.!.".".".".".".".")"+"H"a"e#.#.#!%.%.%.%.%.%.%.%$%,%4%<%l%.%.%.%.%.%.%.%.%.%.%.%.%.%.%.&<&@&B&`&c&f&k...................3...b.r.t....... ...............t.z.~.........................Q.^.............................!.@.`.p...........?.... . . . &

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
Category:dropped
Size (bytes):242700
Entropy (8bit):6.936925430880877
Encrypted:false
SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
MD5:C1397E8D6E6ABCD727C71FCA2132E218
SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
Malicious:false
Preview:...........POS/2...s.......`cmap..Rh...<....cvt m......@...<fpgm..1....|....glyf..;}...8....head.,j..2L...6hhea......2....$hmtx.....2.....loca.PB...H(....maxp.z....].... namex.R...].....post...Q..ax..I.prep.UJ....\.................).......).....d. ..............{.............B&H..@. ...D.\...... ........=..... ......................................................................................... !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a.bcdefghijklmnopqrstuvwxyz{|}~..................................................................................................................~...............u.z.~.......................O.\...............................:.R.m...........:.[.... . . . " & 0 3 : < > D . . . .!.!.!.!"!&!.!^!.!.".".".".".".".")"+"H"a"e#.#.#!%.%.%.%.%.%.%.%$%,%4%<%l%.%.%.%.%.%.%.%.%.%.%.%.%.%.%.&<&@&B&`&c&f&k.........................3...b.r.t....... ...............t.z.~.........................Q.^.............................!.@.`.p...........?..

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):14331
Entropy (8bit):3.512673497574481
Encrypted:false
SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
MD5:6E378235FB49F30C9580686BA8A787AA
SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
Malicious:false
Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):657
Entropy (8bit):4.993355967240905
Encrypted:false
SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
MD5:9FD47C1A487B79A12E90E7506469477B
SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
Malicious:false
Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1320
Entropy (8bit):5.02145006262851
Encrypted:false
SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
MD5:01B94C63BD5E6D094E84FF3AD640FFBF
SHA1:5570F355456250B1EC902375B0257584DB2360AE
SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                                                                                                                                                                                                            SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):153
                                                                                                                                                                                                            Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                            MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                            SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                            SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                            SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):165
                                                                                                                                                                                                            Entropy (8bit):6.347455736310776
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                            MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                            SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                            SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                            SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a.. ................!.......,...... ...vL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.. V..9'......f.T....w.xW.B.....P..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):153
                                                                                                                                                                                                            Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                            MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                            SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                            SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                            SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):168
                                                                                                                                                                                                            Entropy (8bit):6.465243369905675
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                            MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                            SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                            SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                            SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a.. ................!.......,...... ...yL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.6.'.....`1]......u.Q.r.V..C......f.P..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):153
                                                                                                                                                                                                            Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                            MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                            SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                            SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                            SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):147
                                                                                                                                                                                                            Entropy (8bit):6.147949937659802
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                            MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                            SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                            SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                            SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a.. ................!.......,...... ...dL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj.....-.kj..m.....X,&.......S..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):153
                                                                                                                                                                                                            Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                            MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                            SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                            SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                            SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):58
                                                                                                                                                                                                            Entropy (8bit):4.4779965120705425
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                                                                                                                                                                                                            MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                                                                                                                                                                                                            SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                                                                                                                                                                                                            SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
Malicious:false
Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):476286
Entropy (8bit):7.905283162751186
Encrypted:false
SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
MD5:5D8C1723F3005BD63DBA2B478CE15621
SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):114950
Entropy (8bit):7.912507028584016
Encrypted:false
SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
MD5:A39F61D6ED2585519D7AF1E2EA029F59
SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):560553
Entropy (8bit):5.781566946934384
Encrypted:false
SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
MD5:CCB395235C35C3ACBA592B21138CC6AB
SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):20670
Entropy (8bit):4.627043889535612
Encrypted:false
SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):20626
Entropy (8bit):4.626761353117893
Encrypted:false
SSDEEP:192:VeMjUECOwMsUt0ZINFWbqeZSwOVza8ayaxabAJ1duSikhPdyPsXZd2ZhptEgReWL:VeNEg/gF/ZnixLy
MD5:5480BEF2CA99090857E5CBF225C12A78
SHA1:E1F73CA807EC14941656FBE3DB6E5E5D9032041D
SHA-256:5FB0982C99D6BF258335FB43AAAE91919804C573DFD87B51E05C54ADB3C0392B
SHA-512:65FE0D6DA17E62CF29875910EB84D57BC5BB667C753369B4F810028C0995E63C322FAD2EB99658B6C19E11E8D2A40CB11B3C09943EB9C0B88F45626579ECE058
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):33932
Entropy (8bit):7.930702746433849
Encrypted:false
SSDEEP:768:xYJfTGikW6VajSe/SA5vN9kqizE48ojVxQYuW+t:xY5TpkK/nFNIzptjVxYHt
MD5:C401E00A5DE0DD9723885CEF9E2F5A44
SHA1:B6735B93811517F062A20869D8A0B57FAEFF6A90
SHA-256:C6574F4763696F2A83028DE143D9ED1C975062BA2D44CC5C91558751FB84BCD6
SHA-512:595B950AD5BFF930654BF7FB996BA222D19B4F175821AB0FD6EC4F54D4B7D62B37757429051D1302BC438AB76350B4CD0A07BA712CAECC79DCDB0C60494B5AB2
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):633957
Entropy (8bit):6.018176262975427
Encrypted:false
SSDEEP:6144:ABoQeW0HKwYGORU+ehqEmke1WEAibVR0GPs4j8GgflXhuuMAjYDTj:Uo40WGdNmpb3DP75
MD5:FD1434C81219C385F30B07E33CEF9F30
SHA1:0B5EE897864C8605EF69F66DFE1E15729CFCBC59
SHA-256:BC3A736E08E68ACE28C68B0621DCCFB76C1063BD28D7BD8FCE7B20E7B7526CC5
SHA-512:9A778A3843744F1FABAD960AA22880D37C30B1CAB29E123170D853C9469DC54A81E81A9070E1DE1BF63BA527C332BB2B1F1D872907F3BDCE33A6898A02FEF22D
Malicious:false
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Algol 68 source, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4312
Entropy (8bit):4.756104846669624
Encrypted:false
SSDEEP:96:6VprYJmprYJD9Y3t3qFKPG7hLxVJgdTsfbFfcwQoPv:6HrsursD9Y3t36KPG7HyoBQoX
MD5:AD91D69A4129D31D72FBE288FF967943
SHA1:CB510AFCDBECEA3538C3F841C0440194573DBB65
SHA-256:235A50D958FAEDDE808D071705A6D603F97611F568EEC40D7444984B984A4B18
SHA-512:600BEE4676D26E2CE5B9171582540021509A4D7888C9C7BADC14F0FAD07007E4CE2B4C007A8EB15BD0D977722B8B34442012EA972FFBD72797475A56CDFD86EE
Malicious:false
Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2514
Entropy (8bit):4.525846572478507
Encrypted:false
SSDEEP:48:/GXieQT8cg6ZGBjn4stbaWUwO61xFMxO9:OXieW8nBjn4x613Mw9
MD5:0AA5D5EFDB4F2B92BEBBEB4160AA808B
SHA1:C6F1B311A4D0790AF8C16C1CA9599D043BA99E90
                                                                                                                                                                                                            SHA-256:A3148336160EA7EF451052D1F435F7C9D96EEB738105AC730358EDADA5BD45A2
                                                                                                                                                                                                            SHA-512:A52C2B784CF0B01A2AF3066F4BB8E7FD890A86CFD82359A22266341942A25333D4C63BA2C02AA43ADE872357FC9C8BBC60D311B2AF2AD2634D60377A2294AFDD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):381
                                                                                                                                                                                                            Entropy (8bit):4.99308306420453
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:5ji0B4r/Rjiszbdy/oocj+sqX2K5YZ5/CUMQxxi6m4xijgxmzbdGh/4:5ji0GJjiIq1cCvXPA/CUMQxoeocx2K/4
                                                                                                                                                                                                            MD5:B608D45DCDD7A4CAD6A63A89A002F683
                                                                                                                                                                                                            SHA1:F6E3BB7050C3B1A3BED9B33122C4A98E6B9A810D
                                                                                                                                                                                                            SHA-256:52CA96531445B437DCA524CB3714FCD8D70221D37A6B9C80F816713C3040DD0A
                                                                                                                                                                                                            SHA-512:407E7CA807826F0E41B085BCA0F54F0134E3B9AC16FA5480EDE02774067DAD46AA07D225BA2981DEC2A7297EA57721EAB8C54E8BED83D352EC6C00ABFDBBF626
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........t..H................META-INF/......PK..............PK........t..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r9....:.$..[).....&.%....E..r.\.E....y...r..PK.....k.......PK..........t..H..............................META-INF/....PK..........t..H...k.....................=...META-INF/MANIFEST.MFPK..........}.........
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4077
                                                                                                                                                                                                            Entropy (8bit):4.472483528668558
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:eii7cSoFKfgCe/D4dtQN+wvohSoVGPbPvRZUIpeDMy:eiiISokfXeEk+wQhnMPbnRZR7y
                                                                                                                                                                                                            MD5:41B36D832BE39A3CF0F3D7760E55FDCB
                                                                                                                                                                                                            SHA1:E706E9BE75604A13DFCC5A96B1720A544D76348B
                                                                                                                                                                                                            SHA-256:71A930CBE577CBABB4269650C98D227F739E0D4B9C0B44830DD3D52F5015BE1F
                                                                                                                                                                                                            SHA-512:41E6B8639C1CEB3D09D2FDEEEBA89FFA17C4ED8B1AD0DF1E5AB46C4BF178688D5504DC5A3C854226F7DA23DFA0EDAB0D035D6B56495829F43AAA2A7BABEC4273
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2920
                                                                                                                                                                                                            Entropy (8bit):4.545881645777106
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:MRSflLrmpop7JN/PgP8KAeoYsnZyhNMVJKWfVStEqwP0pba:Mkv7ngUZYsnRnfYdhE
                                                                                                                                                                                                            MD5:5DD28AAF5A06C946DF7B223F33482FDF
                                                                                                                                                                                                            SHA1:D09118D402CA3BA625B165ECACE863466D7F4CE9
                                                                                                                                                                                                            SHA-256:24674176A4C0E5EEFB9285691764EA06585D90BBDAF5BF40C4220DE7CA3E3175
                                                                                                                                                                                                            SHA-512:13C6F37E969A5AECE2B2F938FA8EBF6A72C0C173678A026E77C35871E4AE89404585FB1A3516AE2CA336FC47EAB1F3DD2009123ADBA9C437CD76BA654401CBDF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14415
                                                                                                                                                                                                            Entropy (8bit):4.623139916889837
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:PLrOKIXaIr8Jzc90OEqfmdbHHHN6pDIdpgzri:PLrOKIXaIgYiOE0mdbHHHNGD4p0+
                                                                                                                                                                                                            MD5:054E093240388F0322604619EF643F18
                                                                                                                                                                                                            SHA1:6E110C2A5D813013E9C57700BE8B0D17896E950C
                                                                                                                                                                                                            SHA-256:BF41D73EAB0DA8222FE24255E1BBF68327FB02B1A4F1E7A81B9C7B539033FFB2
                                                                                                                                                                                                            SHA-512:BD60C6271CDEFFFF4563E6E2CF97C176D86F160092D1FFCBE7EEFE714BA75DDC5FB4E848A5FDBE7A1D1510720D92AF6A176A76DE2CC599F27E4BEAE8E692C5D3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3486
                                                                                                                                                                                                            Entropy (8bit):4.4357861198752975
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:MlXHR6+76EX0o8KA0Esns+ek2OrRC9AUE4T7AKQi2r8BKS3GpPsDu0cpUxJAJKk3:M9HRb7l0FAEsnJKmS32X00h
                                                                                                                                                                                                            MD5:9D9EC1BB9E357BBFB72B077E4AF5F63F
                                                                                                                                                                                                            SHA1:6484B03DBE9687216429D3A6F916773C060E15CE
                                                                                                                                                                                                            SHA-256:8B02A29BC61B0F7203DF7CA94140F80D2C6A1138064E0441DFD621CF243A0339
                                                                                                                                                                                                            SHA-512:5FE39BBFCA806CE45871A6223D80FA731EFAA5D31C3B97EE055AB77EAF3833342945F39E9858335D9DD358B4B7F984FFADE741452E19B60B8E510AA74AC02C00
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2126
                                                                                                                                                                                                            Entropy (8bit):4.970874214349507
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                                                                                                                                                                                                            MD5:91AA6EA7320140F30379F758D626E59D
                                                                                                                                                                                                            SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                                                                                                                                                                                                            SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                                                                                                                                                                                                            SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3144
                                                                                                                                                                                                            Entropy (8bit):4.858724831876285
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:VBnTRxiW1nTbXMROXX6zcjd6vEzcoZDTzcj8L0zccfbb6wB:VBnvisPMQ6z+zPVzv0zVfvT
                                                                                                                                                                                                            MD5:1CBB261944925044B1EE119DC0563D05
                                                                                                                                                                                                            SHA1:05F2F63047F4D82F37DFA59153309E53CAA4675C
                                                                                                                                                                                                            SHA-256:5BAF75BDD504B2C80FF5B98F929A16B04E9CB06AA8AAE30C144B5B40FEBE0906
                                                                                                                                                                                                            SHA-512:C964A92BE25BACF11D20B61365930CAB28517D164D9AE4997651E2B715AA65628E45FA4BD236CCD507C65E5D85A470FD165F207F446186D22AE4BD46A04006E6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1012097
                                                                                                                                                                                                            Entropy (8bit):7.896417877823185
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                                                                                                                                                                                                            MD5:54EF6C22FAAAE5850091031763078D37
                                                                                                                                                                                                            SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                                                                                                                                                                                                            SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                                                                                                                                                                                                            SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........!..H................META-INF/....PK........ ..H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/uitoolkit/PK...........H................com/sun/deploy/uitoolkit/impl/PK........!..H............"...com/sun/deploy/uitoolkit/impl/awt/PK...........H............#...com/sun/deploy/uitoolkit/impl/text/PK...........H................com/sun/deploy/uitoolkit/ui/PK...........H................com/sun/java/PK...........H................com/sun/java/browser/PK...........H................com/sun/java/browser/plugin2/PK...........H............)...com/sun/java/browser/plugin2/liveconnect/PK...........H............,...com/sun/java/browser/plugin2/liveconnect/v1/PK...........H................netscape/PK...........H................netscape/javascript/PK.........
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2915
                                                                                                                                                                                                            Entropy (8bit):5.2172692442941075
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                                                                                                                                                                                                            MD5:A38587427E422D55B012FA3E5C9436D2
                                                                                                                                                                                                            SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                                                                                                                                                                                                            SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                                                                                                                                                                                                            SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10716
                                                                                                                                                                                                            Entropy (8bit):5.016037435830914
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                                                                                                                                                                                                            MD5:66B3E6770C291FE8CD3240FFBB00DC47
                                                                                                                                                                                                            SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                                                                                                                                                                                                            SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                                                                                                                                                                                                            SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3490933
                                                                                                                                                                                                            Entropy (8bit):6.067002853185717
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                                                                                                                                                                                                            MD5:9A084B91667E7437574236CD27B7C688
                                                                                                                                                                                                            SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                                                                                                                                                                                                            SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                                                                                                                                                                                                            SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK...........H................META-INF/....PK...........H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK...........H..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Java archive data (JAR)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):63602929
                                                                                                                                                                                                            Entropy (8bit):5.963369315504544
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                                                                                                                                                                                                            MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                                                                                                                                                                                                            SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                                                                                                                                                                                                            SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                                                                                                                                                                                                            SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK...........H................META-INF/....PK...........H.5.%...%.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bean
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):3026
                                                                                                                                                                                                            Entropy (8bit):7.48902128028383
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                                                                                                                                                                                                            MD5:EE4ED9C75A1AAA04DFD192382C57900C
                                                                                                                                                                                                            SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                                                                                                                                                                                                            SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                                                                                                                                                                                                            SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:PK........F..C................META-INF/MANIFEST.MFe.Ao.0...;....-K....d..e.&.UM.BJ)..h)E..~..v......nXI;.wTv.7.p,.4.R..!R.6Gu.@.T.f.....1....}..l.<.....9..K.F..4L#.5.@.{Ih...L.-B8y.`..q....{.v....|...K.l..=....]...m..........T.E...Ke.^1...2..Rwz..2.......pI...N..m..H..;..?..PK.............PK........F..C................META-INF/ORACLE_J.SFu.Ko.@...;...c...->H<.j)XDA./f.eYy,Y.-.....Mos.f.....P.!.1).A..x.5Tq(...F.f..(q..p)..Q|n....I...*Q..Y..@.FS..Y...<'........E..++..j..`N...b..P.iS.Z.e.<r.[a.....ct.............. ...Z..X...x...T..44.'.......ok...h../Z..*..._..Z~mK...zh.....a........w..W..G._?..h.l....';+..&w....+..;K.......PK..+.s.4.......PK........F..C................META-INF/ORACLE_J.RSA3hb...........iA....&.+L......l..m....,L...........2.....q..f&F&&&fK..v..s.,.@.....8.CY..B.a..a&gGC!....].3 1'_.1.$.P.@.$.%,.\.....\._\Y\..[....l.l.......J,KT..O+)O,JUp.OIU..L...K7.1..)b...rvE.Rpv4...5440.b3....( ...5.r.....i.I.......s@.E..E.%..y...A...GF`.27.......aK....o
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4149
                                                                                                                                                                                                            Entropy (8bit):5.816047466650347
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                                                                                                                                                                                                            MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                                                                                                                                                                                                            SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                                                                                                                                                                                                            SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                                                                                                                                                                                                            SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:# JNLPAppletLauncher applet-launcher.jar..SHA1-Digest-Manifest: 5Bo5/eg892hQ9mgbUW56iDmsp1k=....# 7066583..SHA1-Digest-Manifest: x17xGEFzBRXY2pLtXiIbp8J7U9M=..SHA1-Digest-Manifest: ya6YNTzMCFYUO4lwhmz9OWhhIz8=..SHA1-Digest-Manifest: YwuPyF/KMcxcQhgxilzNybFM2+8=....# 7066809..SHA1-Digest-Manifest: dBKbNW1PZSjJ0lGcCeewcCrYx5g=..SHA1-Digest-Manifest: lTYCkD1wm5uDcp2G2PNPcADG/ds=..SHA1-Digest-Manifest: GKwQJtblDEuSVf3LdC1ojpUJRGg=....# 7186931..SHA1-Digest-Manifest: 0CUppG7J6IL8xHqPCnA377Koahw=..SHA1-Digest-Manifest: 3aJU1qSK6IYmt5MSh2IIIj5G1XE=..SHA1-Digest-Manifest: 8F4F0TXA4ureZbfEXWIFm76QGg4=..SHA1-Digest-Manifest: B1NaDg834Bgg+VE9Ca+tDZOd2BI=..SHA1-Digest-Manifest: bOoQga+XxC3j0HiP552+fYCdswo=..SHA1-Digest-Manifest: C4mtepHAyIKiAjjqOm6xYMo8TkM=..SHA1-Digest-Manifest: cDXEH+bR01R8QVxL+KFKYqFgsR0=..SHA1-Digest-Manifest: cO2ccW2cckTvpR0HVgQa362PyHI=..SHA1-Digest-Manifest: D/TyRle6Sl+CDuBFmdOPy03ERaw=..SHA1-Digest-Manifest: eJfWm86yHp2Oz5U8WrMKbpv6GGA=..SHA1-Digest-Manifest: g3mA5HqcRBlKa
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1273
Entropy (8bit):4.167014768533289
Encrypted:false
SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
MD5:BBEBCF13680E71EC2EE562524DA02660
SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
Malicious:false
Preview:Algorithm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

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java KeyStore
Category:dropped
Size (bytes):112860
Entropy (8bit):7.58405956263152
Encrypted:false
SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
MD5:A2C167C8E0F275B234CB2C2E943781C7
SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
Malicious:false
Preview:...........h......digicertassuredidrootca....Wa....X.509....0...0................F...`...090...*.H........0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1$0"..U....DigiCert Assured ID Root CA0...061110000000Z..311110000000Z0e1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1$0"..U....DigiCert Assured ID Root CA0.."0...*.H.............0.............C.\...`.q....&...... 9(X`......2a<..(........z.....yS\1.*...26v...<...j.!.Ra. ......d..[_.X.5.G.6.k..8>...3../..(......nD.a5...Y..vm..K.+..r.`..5.xU. ...m..I|1.3l"..2Z......9...:r.......1u..}".?.F..(y...W..~......V.......?........_.wO......c0a0...U...........0...U.......0....0...U......E....1-Q...!..m..0...U.#..0...E....1-Q...!..m..0...*.H.....................rszd...rf.2.Bub.......V.....(...`\.LX..=.IEX.5i..G.V.y...g.....<..&, .=.(.._."...e....gI.]..*.&.x.}?+.&5m_...I[.....=%.....o...dh.-..B.....b.Pg.l....k.6...7|.[mz..F`..'..K...g*h....3f....n...c.....%ml...a...&..q......Q.+

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2515
Entropy (8bit):4.490054643169131
Encrypted:false
SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
MD5:EC90FD04C2890584A16EB24664050C2A
SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
Malicious:false
Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):27033
Entropy (8bit):4.840685151784295
Encrypted:false
SSDEEP:768:rmLHAEcqrlANbwbqL1AdLAHaPw2kqUTWip+fzIz:rWQaYFqUTWip0kz
MD5:409C132FE4EA4ABE9E5EB5A48A385B61
SHA1:446D68298BE43EB657934552D656FA9AE240F2A2
SHA-256:4D9E5A12B8CAC8B36ECD88468B1C4018BC83C97EB467141901F90358D146A583
SHA-512:7FED286AC9AED03E2DAE24C3864EDBBF812B65965C7173CC56CE622179EB5F872F77116275E96E1D52D1C58D3CDEBE4E82B540B968E95D5DA656AA74AD17400D
Malicious:false
Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):103
Entropy (8bit):4.802539000066613
Encrypted:false
SSDEEP:3:RSjGIWgjM0ePFUNaXsIGNDAPVnyzowv:RS6c2PFUsXsIrRqoa
MD5:E0C4EF8B210C0DDFEE01126E1ACA4280
SHA1:F1CC674F447045D668454996D5C3C188884762CD
SHA-256:E5CD7F9FD43084674AA749BC8301F28DE85EEF6D01BD78828F72FA32377A3368
SHA-512:4820074F15520AD099193B27A673499C31544A7279279EFCB6131D53FE997438A96E1C5B386C233385004F7A2FBB775D4CDE3C0272A196B54C0D8EE6CCEF43DF
Malicious:false
Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):3527
Entropy (8bit):7.521709350514316
Encrypted:false
SSDEEP:96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ
MD5:57AAAA3176DC28FC554EF0906D01041A
SHA1:238B8826E110F58ACB2E1959773B0A577CD4D569
SHA-256:B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
SHA-512:8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
Malicious:false
Preview:PK........H..C................META-INF/MANIFEST.MF...o.0...;....-..N.I.._..!S..^L..v+....~....K.....9.......-.qLc,.P.N..%QG.b....n...`..m.u...Yw...ak....+to..1.............."m.i8..z}{B...^uV...1..s.>>..Z-.&..%....A..W..t..c....?z.o....A.]d0a...^..a........./..'..NQQ.%...4..l..}....N..A.f..Q[G.K^.S...o..PK.....8....h...PK........H..C................META-INF/ORACLE_J.SF..Ko.0...}.....U....A........-!....c...4..m.E..F.;.G.c..5...AH.qW.93.....-...`...#.Y.1..=.......b....0/.p...`...}...!.N..a'.....'..?eW..(b..SD.(0;*=h.W\.....w........ ........hg. y.....D...1.L'+...P..QOM..f.w...{\m...Tl.&i..!N~..Q.5...8............/.....UzY..$>.}.m..'.............g>.....D.O...o..V...o.O....4....~.2.7..'.o/....}.PK...E..\.......PK........H..C................META-INF/ORACLE_J.RSA3hb...........iA....&.+L......l..m....,L...........2.....q..f&F&&&fK..v..s.,.@.....8.CY..B.a..a&gGC!....].3 1'_.1.$.P.@.$.%,.\.....\._\Y\..[....l.l.......J,KT..O+)O,JUp.OIU..L...K7.1..)b...rvE.Rpv4

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1249
Entropy (8bit):4.735634480139973
Encrypted:false
SSDEEP:12:AJx/wzjJQO1YfK4pPq8Ul6GyGLCKDJ9w5lAu9aEVjEcGuc8X3A0LlmPOiMA0L9UV:w/61sppNUl6GbLCOMlmEOucA3e2s/WW
MD5:BB63293B1207CB8608C5FBE089A1B06D
SHA1:96A0FA723AF939C22AE25B164771319D82BC033B
SHA-256:633015AD63728DFE7A51BF26E55B766DD3E935F1FCCCFFA8054BF6E158EA89B2
SHA-512:0042DEBE4A77DA997A75A294A0C48D19AED258EEB3CD723FD305037DF11F0A5073A92CC54967B8B541E1AFC912F36481D0B0F68477B8156E52E15093722B7C32
Malicious:false
Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:data
Category:dropped
Size (bytes):103910
Entropy (8bit):7.113278604363908
Encrypted:false
SSDEEP:1536:OcQWmFKJzLl2g6kpE7tdTMBB/////t97Taz69rU4y/uqmol7s2gK:Oyh3F27/qGzkrfy/uqllQ2gK
MD5:5A7F416BD764E4A0C2DEB976B1D04B7B
SHA1:E12754541A58D7687DEDA517CDDA14B897FF4400
SHA-256:A636AFA5EDBA8AA0944836793537D9C5B5CA0091CCC3741FC0823EDAE8697C9D
SHA-512:3AB2AD86832B98F8E5E1CE1C1B3FFEFA3C3D00B592EB1858E4A10FFF88D1A74DA81AD24C7EC82615C398192F976A1C15358FCE9451AA0AF9E65FB566731D6D8F
Malicious:false
Preview:...TZDB....2016d.S..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):8602
Entropy (8bit):5.204166069367786
Encrypted:false
SSDEEP:192:j1kfcymkDvxeMmKg5GQEK2TtllXinSV29OHPQT:hhymk/QGT7YT
MD5:B8DD8953B143685B5E91ABEB13FF24F0
SHA1:B5CEB39061FCE39BB9D7A0176049A6E2600C419C
SHA-256:3D49B3F2761C70F15057DA48ABE35A59B43D91FA4922BE137C0022851B1CA272
SHA-512:C9CD0EB1BA203C170F8196CBAB1AAA067BCC86F2E52D0BAF979AAD370EDF9F773E19F430777A5A1C66EFE1EC3046F9BC82165ACCE3E3D1B8AE5879BD92F09C90
Malicious:false
Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:ASCII text, with very long lines (427), with CRLF line terminators
Category:dropped
Size (bytes):533
Entropy (8bit):5.416086012521588
Encrypted:false
SSDEEP:12:GEKkc58IOlBVAQEjy2IM0oPP1RVtc8fFVKeiIdGIVIPJvq1RUbDcz:GEK7586QY/0oPtRb2TqySRUkz
MD5:A61B1E3FE507D37F0D2F3ADD5AC691E0
SHA1:8AE1050FF466B8F024EED5BC067B87784F19A848
SHA-256:F9E84B54CF0D8CB0645E0D89BF47ED74C88AF98AC5BF9CCF3ACCB1A824F7DC3A
SHA-512:3E88A839E44241AE642D0F9B7000D80BE7CF4BD003A9E2F9F04A4FEB61EC4877B2B4E76151503184F4B9978894BA1D0DE034DBC5F2E51C31B3ABB24F0EACF0C7
Malicious:false
Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):247787
Entropy (8bit):7.915391305945515
Encrypted:false
SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
MD5:F5AD16C7F0338B541978B0430D51DC83
SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
Malicious:false
Preview:PK........RT.IcT..............META-INF/MANIFEST.MF.....T]o.0.}G...x.6.......L.T..X_'.\..3.....h....).}r...zF.[.6.3(.........G..LFl. .....z4....4.A@*"........5&.....=..Ah^`.I....N.3......y1#.s.r.5h...D.J7.....s..2..4.05H5.{...A..|.,...}..C....'.tT.g.d.}..I../.....8.2&.w.........+.."..`c.y._...?..9.{........L3.0.....M...6..T.x.R.tQ..+#...`4.K..)f.L.5.^..(..22U....-.#.5Qdj.......n.e=5$..$b."...sA!..D....OO..fNg.... ui.2...=....-..R.G..E..V3..G..m.i..L...f.......8.`......^........!...`5.0V.%?...D&.Iy5.....?...V.._..m.T..B.:..-..Ng)%....}o.w._PK........RT.I................org/..PK........RT.I................org/objectweb/..PK........RT.I................org/objectweb/asm/..PK........RT.I............)...org/objectweb/asm/AnnotationVisitor.class..]O.`.....(+.....:']...`L..b...../.4M..R.~...&.%...~(.9m...3{..?...y....??....]..@E. .v.P.{b..w.'.....'.;......~....qt.^.i.....><.....}.&a..u..&l..{..u. ..........s'3..(L_.^.>.z...uU.<$(..9I.......'......'.........

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Java archive data (JAR)
Category:dropped
Size (bytes):812205
Entropy (8bit):7.990697749215315
Encrypted:true
SSDEEP:12288:iq3Zvcr0jOS3/8oUmXCCcQxs1hGg5FGgo00BgbFeSK12nqq5mVNC/NMsvz/2wYfk:93Z0r0x9baBFGgoR3S9mVM/N9CwYjY
MD5:E147E868AD19B14C74DD1FFC4213F823
SHA1:466674CE42A18C79D5C62FE8FDF38A5C560A6640
SHA-256:9F4136C06D393B79B3A86C2EE10A3443608B7B62CDBB4D9DCA240BE62D024F2C
SHA-512:745043531FEBFB5C129E80FA92E8424D30B4966F1D182221D208AE94EC06019F022EA5BA80807ABEC3F968BED6EBE5FEFDD093042E3551C4EE36B5E9AAE36E65
Malicious:false
Preview:PK..........BY................META-INF/....PK..........BYc..\...h.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%-..y...R.KRSt.*A.-......u....4....sR......K..h.r.r..PK..........BY.................packages/PK..........BY................action/PK..........BY................behaviour/PK..........BY................behaviour/custom/PK..........BY................bundle/PK..........BY................bundle/jurl/PK..........BY................bundle/windows/PK..........BY................bundle/windows/api/PK..........BY................bundle/windows/result/PK..........BY................bundle/zip/PK..........BY................facade/PK..........BY................installer/PK..........BY................installer/forms/PK..........BY................installer/modules/PK..........BY................php/PK..........BY................php/compress/PK..........BY................php/framework/PK..........BY................php/gui/PK..........BY................php/gui/framework/PK.....

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):13202
Entropy (8bit):7.737712617961208
Encrypted:false
SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
MD5:3E5E8CCCFF7FF343CBFE22588E569256
SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
Malicious:false
Preview:PK........3.\K................META-INF/..PK........3.\K................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK........3.\K................JPHP-INF/..PK........3.\K................JPHP-INF/sdk/..PK........3.\K..e.....\... ...JPHP-INF/sdk/ArithmeticError.phpe..j.0...@.Ac...n]..C..+8....)Xr....t.`cI.......i.K..t.V..F..)@...l.[B...G^b.E=I.a.2J..'..%.b. ^.......z........S ........v......d.h4...1NN]..,..t...~..yo&...G.....<@A...5. .\..ET.w;.S...w.....a..61...[.O....k....PK........3.\K.J.......... ...JPHP-INF/sdk/array-functions.php.Y]o.0.}G.?..M....M[.U.j.h.=F&..q2.0.u.}Nb ....:.@7p....p...Y...\]^v;.e.)C.....z.z.G...z1.P....h...U..H...jc.O..@4..U.._..K..C....6...q;..v.t;.})q....Q..eE..5wg+.l.c..V.......T{qJ..(53.cXn..<..#.k.....RI.A..8...D$..0..0]os...|...OR...p......]..`0.f.8.q....p...H....E..4>{...5.Xf.....5...Wms...>....LH..$,`C......T..#.#K..4".....f.-!h..MAle.m.a..2.....AZ......iT.Z.....Vu.J.a......p..4.6B..I..D9GY....}.L"Mh.....$...M.

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=store
Category:dropped
Size (bytes):231952
Entropy (8bit):7.8987047381149225
Encrypted:false
SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
MD5:5134A2350F58890FFB9DB0B40047195D
SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
Malicious:false
Preview:PK...........H................META-INF/PK...........H..Q?....p.......META-INF/MANIFEST.MF.R]..0.|...`....$.8...SQ.C.....Kp... ..u>0.U..9.....Y....M..J3)2.....+A9..A..M.x.R.....q.SD].l{)w.......\..........=...N.n36..F.FM.../.b.6.A.D...l.Z].x4M'.t<.R7z..w.k}._.S@.g.z..81%E..dh.l.a.G.."'........n......Je.h6lM.(..r.{_.T&.....[....Z...N_. G.c............T6.z.z]m...N.s+..........R.Zg.`.Qg.a...a+e.J..W..%.P....7.I...$..wi.{...*...{...=.N......Q@.`v..$..G..........M./m3.....6.O.9...T.P.[X........~Lc.{Q$.QXHe=k...D.pE.nH...PK...........H................com/PK...........H................com/google/PK...........H................com/google/gson/PK...........H................com/google/gson/annotations/PK...........H................com/google/gson/internal/PK...........H................com/google/gson/internal/bind/PK...........H............#...com/google/gson/internal/bind/util/PK...........H................com/google/gson/reflect/PK...........H................com/google/g

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):106006
Entropy (8bit):7.823795646704166
Encrypted:false
SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
MD5:0C8768CDEB3E894798F80465E0219C05
SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
Malicious:false
Preview:PK........3.\K................META-INF/..PK........3.\K................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK........3.\K.................packages/..PK........3.\KpS..v............packages/framework.pkg.W.n.8.}....}..,.:m....c3.&.(Hr;....k..V..h.sH../.\..h... w.T6j....k.o..;L.....dBR.{/.I.P.t.H.:s...X.......#...-..CPm.....lT;..u........P..o.L.j..a.h...@.@..6`J....D9..IfT..U....d.B.]..........T.<.......nfs..k....P`..,..g........T[+@.em.cY...F.k.h..T.M.1....{.eg@+Q.._a.....(O.Z..y.UPu....;.M.......8O..d$....)...MlMc/..;.|....N.(.s.......1.c.n..... T+..._.g*@R9.. ...F...../...lg..>.....W...J.6.<.VT..iY.l....}......M.J.?.........YS....H.9rG.I.;....ZK...d'|....Ix....c.....ve._s......JOu..s....Z...)g........j.K.W.7.o .^....:!m...n...........*9Q'..8.<..3!.\.8.j...z.mn.....6.....].N/...x]..Ke....:.A.Z.......l..AaG3~..y.K8R..<#J?..P..._..k.H........ .]L8.......j......lYq..).......(.hCf...$$..l.....K...M3...Ll9....-.1.%.......v.....m...

Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):475905
Entropy (8bit):7.8713354167151675
Encrypted:false
SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
Malicious:false
Preview:PK..........[K................META-INF/..PK.........rNK................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK..........[K................org/..PK..........[K................org/develnext/..PK..........[K................org/develnext/jphp/..PK..........[K................org/develnext/jphp/core/..PK..........[K................org/develnext/jphp/core/common/..PK..........[K0:..).......G...org/develnext/jphp/core/common/ObjectSizeCalculator$ObjectWrapper.class.RMo.@.}k;q.\....o.$....F.@.*".p.*.'6.*qp.`;.EH........%.$...q...B.V..r.....{o.....o...* ..yh8"..:..p.'u.b....pb.rk...q.g.H.K...._f.....1h..+.f[./........OH......]Y.....af..V.G#.2.M..a..Q$..h.a..u...~l.F......0..~..v........ \..)..{c.E..~.A...K;...U>J-..<.o..VkM.,..Fi...CG.....^..I%.y,..3p.gt.e...#....d(..'.J?#..q.E..jmj....\...;...Q,...]..n.qm{[{.............T..(P.G.......3.i}..*....t.xD...'..ja.6.J@.IV.?(c..|.r.....6.~..>A-ko.Q'..(.whtlB..AS'./#..P|J..1?... ....mRWj.S.CF7X.t.......I)[/..T...ze.k.WT..,.L.
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):17374
Entropy (8bit):7.682654493549437
Encrypted:false
SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
SHA1:D789EB689C091536EA6A01764BADA387841264CB
SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/develnext/, org/develnext/jphp/, org/develnext/jphp/ext/, org/develnext/jphp/ext/gui/, org/develnext/jphp/ext/gui/desktop/, org/develnext/jphp/ext/gui/desktop/classes/, org/develnext/jphp/ext/gui/desktop/classes/Mouse.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):704689
Entropy (8bit):7.834558665203789
Encrypted:false
SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
MD5:6696368A09C7F8FED4EA92C4E5238CEE
SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/develnext/, org/develnext/jphp/, org/develnext/jphp/ext/, org/develnext/jphp/ext/javafx/, org/develnext/jphp/ext/javafx/bind/, org/develnext/jphp/ext/javafx/bind/BoundsMemoryOperation.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):17135
Entropy (8bit):7.7352982443766
Encrypted:false
SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
MD5:FDE38932B12FC063451AF6613D4470CC
SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/develnext/, org/develnext/jphp/, org/develnext/jphp/json/, org/develnext/jphp/json/classes/, org/develnext/jphp/json/classes/JsonProcessor$1.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):1177648
Entropy (8bit):7.91949701328009
Encrypted:false
SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
MD5:D5EF47C915BEF65A63D364F5CF7CD467
SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, php/, php/runtime/, php/runtime/annotation/, php/runtime/annotation/Reflection$Abstract.class, php/runtime/annotation/Reflection$Arg.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):20151
Entropy (8bit):7.765220504812666
Encrypted:false
SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
MD5:0A79304556A1289AA9E6213F574F3B08
SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/develnext/, org/develnext/jphp/, org/develnext/jphp/ext/, org/develnext/jphp/ext/xml/, org/develnext/jphp/ext/xml/classes/, org/develnext/jphp/ext/xml/classes/WrapDomDocument$Methods.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):97358
Entropy (8bit):7.9345189846943915
Encrypted:false
SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
MD5:4BC2AEA7281E27BC91566377D0ED1897
SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/develnext/, org/develnext/jphp/, org/develnext/jphp/zend/, org/develnext/jphp/zend/ext/, org/develnext/jphp/zend/ext/json/, org/develnext/jphp/zend/ext/json/JsonConstants.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
Category:dropped
Size (bytes):13213
Entropy (8bit):7.627776815487544
Encrypted:false
SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
MD5:20F6F88989E806D23C29686B090F6190
SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/develnext/, org/develnext/jphp/, org/develnext/jphp/ext/, org/develnext/jphp/ext/zip/, org/develnext/jphp/ext/zip/classes/, org/develnext/jphp/ext/zip/classes/PZipException.class (remainder is compressed class data)
Process:C:\Users\user\Desktop\DHzscd9uqT.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=store
Category:dropped
Size (bytes):41203
Entropy (8bit):7.855219741633254
Encrypted:false
SSDEEP:768:CkwPhOR4PpSvw6vob5IJ9eoYUx7eBr9HDhzCZ+8ylnm1fjiUNcS5cXeK/7DaeR7g:CRPhOR4B0reWJYURuHN4ylnaeSI4
MD5:CAAFE376AFB7086DCBEE79F780394CA3
SHA1:DA76CA59F6A57EE3102F8F9BD9CEE742973EFA8A
SHA-256:18C4A0095D5C1DA6B817592E767BB23D29DD2F560AD74DF75FF3961DBDE25B79
SHA-512:5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
Malicious:false
Preview: ZIP (PK) local-header stream; member names visible in the preview: META-INF/, META-INF/MANIFEST.MF, org/, org/slf4j/, org/slf4j/event/, org/slf4j/helpers/, org/slf4j/spi/, org/slf4j/event/EventConstants.class (remainder is compressed class data)
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: Zip archive data, at least v1.0 to extract, compression method=store
Category: dropped
Size (bytes): 15257
Entropy (8bit): 7.804568217256536
Encrypted: false
SSDEEP: 192:wyBOIrDL/vJ0RWNML2NyWKr362ByOikGnqO5Vyb3Uab+UtJIdgihtqSXs:wyBnxxMLg7KrqU7Gnqrb3lhtuF/qS8
MD5: 722BB90689AECC523E3FE317E1F0984B
SHA1: 8DACF9514F0C707CBBCDD6FD699E8940D42FB54E
SHA-256: 0966E86FFFA5BE52D3D9E7B89DD674D98A03EED0A454FBAF7C1BD9493BD9D874
SHA-512: D5EFFBFA105BCD615E56EF983075C9EF0F52BCFDBEFA3CE8CEA9550F25B859E48B32F2EC9AA7A305C6611A3BE5E0CDE0D269588D9C2897CA987359B77213331D
Malicious: false
Preview: PK..........pJ................META-INF/PK..........pJ.T..N...........META-INF/MANIFEST.MFuR]O.0.}_....`. ........%...L...............{>.97...6..^..L..u........e<..5:..3V@..xt..0#t.hF...3..7..U........Ww`.".'..b.)wDo.~.".f......f6.....XZ......?.X..;J#.+.8..Z..Z...i@-.%3.|.....u..N4;.....%g...g..R7....D,.......u..3..b.-I.j...{......))l....(.e.`.Ie...I.NR%^.fC<.U.......w....6.:.=[..........$.*..2.Yjsu....PK........K.pJ................org/PK........K.pJ................org/slf4j/PK........K.pJ................org/slf4j/impl/PK........K.pJ.._.........#...org/slf4j/impl/OutputChoice$1.class..mO.P...w+.6+..4yP.....t........f. 1. ]w..v.Z.O.k51..>.o.F.s..$(.I.?.wn.97.......@..,.c&.,f3.....qC.M!.Bn..-cQ.........5(.A.0t.T...`...Q8..Z.wl~.Z...!..`H?.].s.g..bi.A...Z.2..oE.m....K.....k....`..c.3.......|3.{u...=....C.....uG$L.....^.g....<.....2.........`UA.....[)./>..y .!V..i(Z<.M.E;1.........Z.!.2....v..!...E.V.jqz...P..r#.R,...)G....~s..P>w..t..r..o.....&k.....?.q3..0
Process: C:\Users\user\Desktop\DHzscd9uqT.exe
File Type: Zip archive data, at least v1.0 to extract, compression method=store
Category: dropped
Size (bytes): 105007
Entropy (8bit): 7.8886535210991395
Encrypted: false
SSDEEP: 1536:Dxpeuv7xOoWmvqcQurq8vGDTRAi5yRdPPl/CJqM9ggS3OIrBTH6x0:Fguv7cfmJrUOiYRbXMbS3Ooox0
MD5: 0FD8BC4F0F2E37FEB1EFC474D037AF55
SHA1: ADD8FFACE4C1936787EB4BFFE4EA944A13467D53
SHA-256: 1E31EF3145D1E30B31107B7AFC4A61011EBCA99550DCE65F945C2EA4CCAC714B
SHA-512: 29DE5832DB5B43FDC99BB7EA32A7359441D6CF5C05561DD0A6960B33078471E4740EE08FFBD97A5CED4B7DD9CC98FAD6ADD43EDB4418BF719F90F83C58188149
Malicious: false
Preview: PK.........E?J................META-INF/PK.........E?J&.x~i...........META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r,J..,K-B...V..+.$x...R.KRSt.*......3R.|..R.x..J3sJ..%.....E...]..l...z.....\.\.PK.........E?J................org/PK.........E?J................org/zeroturnaround/PK.........E?J................org/zeroturnaround/zip/PK.........E?J................org/zeroturnaround/zip/commons/PK.........E?J................org/zeroturnaround/zip/extra/PK.........E?J............"...org/zeroturnaround/zip/timestamps/PK.........E?J............!...org/zeroturnaround/zip/transform/PK.........E?J............'...org/zeroturnaround/zip/ByteSource.class.U.W.U..6.l..B.7...`H..`.-.. ..g[(.b.%....q...../..G_.9.<rN.Oz...?.77.4=.;s....|w....}..2.60.....#..........!.,.X....$r".x ...?.....-x(bU.#...X...@..u|b...8...4..D.....#...d...Z.w..V.`.......&4D7.|..!.>IG..5h..^..%......`...&.9..y....N..oj.L...>9.J.)w.X..N.^..n...Q.%.7o.V-.y`l...fqq..........hyn....wJ.If..V...........r..]..Z....1..5...
Process: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
File Type: data
Category: dropped
Size (bytes): 45
Entropy (8bit): 0.9111711733157262
Encrypted: false
SSDEEP: 3:/lwlt7n:WNn
MD5: C8366AE350E7019AEFC9D1E6E6A498C6
SHA1: 5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256: 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512: 33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious: false
Preview: ........................................J2SE.
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.9997250801965745
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: DHzscd9uqT.exe
File size: 46'513'496 bytes
MD5: af3c0e9cada6c8e34d2c1a9e8b77feba
SHA1: f57a1a856bb437d253edd159466c98e81fa3f1a0
SHA256: 183c6aa694124103e3896ee7b71175f4a81d9533218617cb80d60d9307b53c90
SHA512: e49f131d3d0e7f68b749f4bc387b30f692a5e73aae2e3e5595ab004e6cac7518bb0b101a8c0022c7401174d5d23de1ccca1dfc433dec8e89c43952ec8a44e093
SSDEEP: 786432:+r9TtNURsYshn+BHht9vgoVflXmMgcns2L/vjTR4xz6paBXZH1fGGliTuCbtDdlE:+rpUms94ov2MgDyvjTSxuYfeGibFdDEz
TLSH: 9AA73359CE12DAE0FA17017E44B7DC2A1DC39C2E7A8EE486158CF3683E335539617C9A
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................h...".....
Icon Hash: 32728092d4f29244
Entrypoint: 0x403665
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x660843F7 [Sat Mar 30 16:55:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 9dda1a1d1f8a1d13ae0297b47046b26e
Signature Valid: true
Signature Issuer: CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before, Not After:
• 23/09/2024 07:43:44, 23/09/2025 07:43:43
Subject Chain:
• CN="Menghu Network Technology (Beijing) Co., Ltd.", O="Menghu Network Technology (Beijing) Co., Ltd.", L=Beijing, S=Beijing, C=CN, SERIALNUMBER=91110229MA01R14F61, OID.1.3.6.1.4.1.311.60.2.1.1=Beijing, OID.1.3.6.1.4.1.311.60.2.1.2=Beijing, OID.1.3.6.1.4.1.311.60.2.1.3=CN, OID.2.5.4.15=Private Organization
Version: 3
Thumbprint MD5: 546BC403BAF99A4D201101D290537E78
Thumbprint SHA-1: 17C88198B4F3343FDDFC002BC94BD9098EC39FB2
Thumbprint SHA-256: F9B5B8803D20DFB0B48BD3ADEC1305EC291D4B9202798FB9C029BB5EC49C598A
Serial: 42BC236A8370D6E230B726E0D4FB16C6
Instruction (entrypoint disassembly):
sub esp, 000003F8h
push ebp
push esi
push edi
push 00000020h
pop edi
xor ebp, ebp
push 00008001h
mov dword ptr [esp+20h], ebp
mov dword ptr [esp+18h], 0040A230h
mov dword ptr [esp+14h], ebp
call dword ptr [004080A0h]
mov esi, dword ptr [004080A4h]
lea eax, dword ptr [esp+34h]
push eax
mov dword ptr [esp+4Ch], ebp
mov dword ptr [esp+0000014Ch], ebp
mov dword ptr [esp+00000150h], ebp
mov dword ptr [esp+38h], 0000011Ch
call esi
test eax, eax
jne 00007F34BCD5898Ah
lea eax, dword ptr [esp+34h]
mov dword ptr [esp+34h], 00000114h
push eax
call esi
mov ax, word ptr [esp+48h]
mov ecx, dword ptr [esp+62h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [esp+0000014Eh], 00000004h
not eax
and eax, ecx
mov word ptr [esp+00000148h], ax
cmp dword ptr [esp+38h], 0Ah
jnc 00007F34BCD58958h
and word ptr [esp+42h], 0000h
mov eax, dword ptr [esp+40h]
movzx ecx, byte ptr [esp+3Ch]
mov dword ptr [00429B18h], eax
xor eax, eax
mov ah, byte ptr [esp+38h]
movzx eax, ax
                                                                                                                                                                                                            or eax, ecx
                                                                                                                                                                                                            xor ecx, ecx
                                                                                                                                                                                                            mov ch, byte ptr [esp+00000148h]
                                                                                                                                                                                                            movzx ecx, cx
                                                                                                                                                                                                            shl eax, 10h
                                                                                                                                                                                                            or eax, ecx
                                                                                                                                                                                                            movzx ecx, byte ptr [esp+0000004Eh]
                                                                                                                                                                                                            Programming Language:
                                                                                                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0x1aa38 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2c59450 | 0x2908 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x66d7 | 0x6800 | 4e97e586f167bf2d2eddcdba22e25c0e | False | 0.6615835336538461 | data | 6.441769857560007 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1358 | 0x1400 | bd82d08a08da8783923a22b467699302 | False | 0.4431640625 | data | 5.103358601944578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x1fb78 | 0x600 | e411b225ac3cd03a5dad8143ae82958d | False | 0.5091145833333334 | data | 4.122928093833695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x1c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x46000 | 0x1aa38 | 0x1ac00 | 9a80b6621b0a9f4185773407637b0e4d | False | 0.14106308411214954 | data | 3.955850034216761 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x462b0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.046433218975511656
RT_ICON | 0x56ad8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.10350732168162494
RT_ICON | 0x5ad00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.1479253112033195
RT_ICON | 0x5d2a8 | 0x18d0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9713476070528967
RT_ICON | 0x5eb78 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.22115384615384615
RT_ICON | 0x5fc20 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.4352836879432624
RT_ICON | 0x60088 | 0x128 | data | English | United States | 0.04391891891891892
RT_DIALOG | 0x601b0 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x603b8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x604b0 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x605a0 | 0x68 | data | English | United States | 0.6826923076923077
RT_MANIFEST | 0x60608 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328
DLL | Import
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll | RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 21, 2024 19:34:26.365343094 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:26.365391970 CET | 443 | 49763 | 104.20.3.235 | 192.168.2.6
Nov 21, 2024 19:34:26.365586042 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:26.380124092 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:26.380141020 CET | 443 | 49763 | 104.20.3.235 | 192.168.2.6
Nov 21, 2024 19:34:27.654961109 CET | 443 | 49763 | 104.20.3.235 | 192.168.2.6
Nov 21, 2024 19:34:27.655174971 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:27.826421022 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:27.826442957 CET | 443 | 49763 | 104.20.3.235 | 192.168.2.6
Nov 21, 2024 19:34:27.826776981 CET | 443 | 49763 | 104.20.3.235 | 192.168.2.6
Nov 21, 2024 19:34:27.826832056 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:27.826925993 CET | 49763 | 443 | 192.168.2.6 | 104.20.3.235
Nov 21, 2024 19:34:27.826941967 CET | 443 | 49763 | 104.20.3.235 | 192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 21, 2024 19:34:26.217361927 CET | 54772 | 53 | 192.168.2.6 | 1.1.1.1
Nov 21, 2024 19:34:26.355549097 CET | 53 | 54772 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 21, 2024 19:34:26.217361927 CET | 192.168.2.6 | 1.1.1.1 | 0xefa9 | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 21, 2024 19:34:26.355549097 CET | 1.1.1.1 | 192.168.2.6 | 0xefa9 | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 19:34:26.355549097 CET | 1.1.1.1 | 192.168.2.6 | 0xefa9 | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false
Nov 21, 2024 19:34:26.355549097 CET | 1.1.1.1 | 192.168.2.6 | 0xefa9 | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:13:34:04
                                                                                                                                                                                                            Start date:21/11/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\DHzscd9uqT.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\DHzscd9uqT.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:46'513'496 bytes
                                                                                                                                                                                                            MD5 hash:AF3C0E9CADA6C8E34D2C1A9E8B77FEBA
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                            Start time:13:34:20
Start date: 21/11/2024
Path: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
Imagebase: 0x400000
File size: 139'264 bytes
MD5 hash: FCA89C62D6EA9F979B3A8D21EE2C4F55
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 3%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 7
Start time: 13:34:20
Start date: 21/11/2024
Path: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
Imagebase: 0xc00000
File size: 191'552 bytes
MD5 hash: 48C96771106DBDD5D42BBA3772E4B414
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: moderate
Has exited: true
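The process records above describe a chain worth turning into a hunt: a dropped installer under %APPDATA% launches a private JRE shipped in its own directory, with a very long -classpath and a jphp launcher class. The following is an added example, not part of the Joe Sandbox report and not a Joe Sandbox rule; it runs indicator checks over constructed process-creation events that reproduce the chain above (paths, PIDs and command lines as listed; the parent PID 4000 and the benign control event are invented), and the indicator names and the 200-character classpath threshold are assumptions to be tuned against a baseline.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events reproducing the process chain in this report.
# PID 4000 (parent of the dropper) and the last event (a system-wide JRE
# launched with a short command line, as a benign control) are hypothetical.
EVENTS = [
    ProcessEvent(2012, 4000, r"C:\Users\user\Desktop\DHzscd9uqT.exe",
                 r'"C:\Users\user\Desktop\DHzscd9uqT.exe"'),
    ProcessEvent(5812, 2012, r"C:\Users\user\AppData\Roaming\InstallerPDW\install.exe",
                 r"C:\Users\user\AppData\Roaming\InstallerPDW\install.exe"),
    ProcessEvent(1668, 5812, r"C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe",
                 r'"C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" '
                 r'-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;'
                 r'lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;'
                 r'lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;'
                 r'lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;'
                 r'lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;'
                 r'lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" '
                 r'org.develnext.jphp.ext.javafx.FXLauncher'),
    ProcessEvent(4321, 4000, r"C:\Program Files\Java\jre8\bin\javaw.exe",
                 r'"C:\Program Files\Java\jre8\bin\javaw.exe" -jar C:\Tools\app.jar'),
]

# Directories a standard user can write to without elevation (assumption).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(AppData|Desktop|Downloads|Documents)\\", re.I)
# -classpath / -cp argument, quoted or bare.
CLASSPATH = re.compile(r'-(?:classpath|cp)\s+(?:"([^"]*)"|(\S+))')
LONG_CLASSPATH = 200  # assumption: total characters across entries


def classpath_entries(cmdline):
    """Split the JVM classpath argument into its ';'-separated entries."""
    m = CLASSPATH.search(cmdline)
    if not m:
        return []
    return [p for p in (m.group(1) or m.group(2)).split(";") if p]


def assess_java_launch(ev, by_pid):
    """Return the list of indicator names that fire for one JVM launch."""
    findings = []
    image = PureWindowsPath(ev.image)
    if image.name.lower() not in ("javaw.exe", "java.exe"):
        return findings
    if USER_WRITABLE.search(ev.image):
        findings.append("jvm_in_user_writable_dir")
    parent = by_pid.get(ev.ppid)
    if parent is not None:
        parent_dir = PureWindowsPath(parent.image).parent
        # a private JRE shipped inside the parent's own install directory
        if parent_dir in image.parents and "jre" in [p.lower() for p in image.parts]:
            findings.append("bundled_jre_under_parent_dir")
    entries = classpath_entries(ev.cmdline)
    if sum(len(e) for e in entries) > LONG_CLASSPATH:
        findings.append("long_classpath")
    # the loader framework seen in this report: jphp jars / develnext launcher
    if any("jphp" in e.lower() for e in entries) or "org.develnext.jphp." in ev.cmdline:
        findings.append("jphp_framework")
    return findings


def triage(events):
    """Map pid -> indicators for every event that raised at least one."""
    by_pid = {e.pid: e for e in events}
    results = {e.pid: assess_java_launch(e, by_pid) for e in events}
    return {pid: f for pid, f in results.items() if f}


if __name__ == "__main__":
    for pid, indicators in triage(EVENTS).items():
        print(pid, ", ".join(indicators))
```

Only the javaw.exe event from the report raises indicators; the control JRE under Program Files with a short command line is silent, and non-JVM parents are skipped. The parent lookup is what makes the bundled-JRE check work, so feed the function the whole process tree rather than single events.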


Execution Graph

Execution Coverage: 13.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 16.2%
Total number of Nodes: 1381
Total number of Limit Nodes: 15

[Interactive execution-graph data omitted: 1381 nodes keyed by code address (0x401000 to 0x407000), each carrying the Win32 imports called at that site or a collapsed "N API calls" summary, joined by call edges. Win32 imports named in the graph include: process and privilege handling (CreateProcessW, WaitForSingleObject, GetExitCodeProcess, ShellExecuteExW, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess); file and directory operations (CreateFileW, ReadFile, WriteFile, SetFilePointer, CopyFileW, MoveFileExW, DeleteFileW, CreateDirectoryW, RemoveDirectoryW, FindFirstFileW, FindNextFileW, GetTempPathW, GetTempFileNameW, SetFileAttributesW, SetCurrentDirectoryW); registry (RegOpenKeyExW, RegQueryValueExW, RegEnumKeyW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW); clipboard (OpenClipboard, EmptyClipboard, GlobalAlloc, GlobalLock, SetClipboardData, CloseClipboard); dynamic loading (LoadLibraryExW, GetModuleHandleW, GetProcAddress, FreeLibrary); COM (OleInitialize, CoCreateInstance, IIDFromString, CoTaskMemFree); environment and path handling (GetCommandLineW, ExpandEnvironmentStringsW, SetEnvironmentVariableW, SearchPathW, GetFullPathNameW, GetShortPathNameW, WritePrivateProfileStringW); and a large body of dialog and window-drawing calls (DialogBoxParamW, CreateWindowExW, SendMessageW, SendMessageTimeoutW, FindWindowExW, and similar). One path in the graph runs GetCurrentProcess/OpenProcessToken, then LookupPrivilegeValueW/AdjustTokenPrivileges, then ExitWindowsEx, which is the token-privilege sequence needed for a shutdown or reboot; another runs CreateProcessW followed by WaitForSingleObject and GetExitCodeProcess, i.e. launching a child and waiting for it to finish.]
calls 4423->4425 4430 4051a9 SendMessageW SendMessageW 4424->4430 4431 4051db 4425->4431 4427 4054a5 4426->4427 4428 40549d SendMessageW 4426->4428 4440 4054b7 ImageList_Destroy 4427->4440 4441 4054be 4427->4441 4445 4054ce 4427->4445 4428->4427 4429->4422 4448 405374 4429->4448 4471 404fdc SendMessageW 4429->4471 4430->4421 4436 404621 22 API calls 4431->4436 4438 405455 SendMessageW 4432->4438 4432->4460 4433 4053d9 SendMessageW 4433->4422 4434 404688 8 API calls 4439 405694 4434->4439 4449 4051ec 4436->4449 4437 405648 4446 40565a ShowWindow GetDlgItem ShowWindow 4437->4446 4437->4460 4443 405468 4438->4443 4440->4441 4444 4054c7 GlobalFree 4441->4444 4441->4445 4442 4052c7 GetWindowLongW SetWindowLongW 4447 4052e0 4442->4447 4454 405479 SendMessageW 4443->4454 4444->4445 4445->4437 4463 405509 4445->4463 4476 40505c 4445->4476 4446->4460 4450 4052e5 ShowWindow 4447->4450 4451 4052fd 4447->4451 4448->4422 4448->4433 4449->4442 4453 40523f SendMessageW 4449->4453 4455 4052c2 4449->4455 4457 405291 SendMessageW 4449->4457 4458 40527d SendMessageW 4449->4458 4469 404656 SendMessageW 4450->4469 4470 404656 SendMessageW 4451->4470 4453->4449 4454->4426 4455->4442 4455->4447 4457->4449 4458->4449 4460->4434 4461 405613 4462 40561e InvalidateRect 4461->4462 4465 40562a 4461->4465 4462->4465 4464 405537 SendMessageW 4463->4464 4468 40554d 4463->4468 4464->4468 4465->4437 4485 404f97 4465->4485 4467 4055c1 SendMessageW SendMessageW 4467->4468 4468->4461 4468->4467 4469->4460 4470->4429 4472 40503b SendMessageW 4471->4472 4473 404fff GetMessagePos ScreenToClient SendMessageW 4471->4473 4474 405033 4472->4474 4473->4474 4475 405038 4473->4475 4474->4448 4475->4472 4488 4066a2 lstrcpynW 4476->4488 4478 40506f 4489 4065e9 wsprintfW 4478->4489 4480 405079 4481 40140b 2 API calls 4480->4481 4482 405082 4481->4482 4490 4066a2 lstrcpynW 4482->4490 4484 405089 4484->4463 4491 404ece 4485->4491 4487 404fac 4487->4437 4488->4478 4489->4480 4490->4484 4492 404ee7 4491->4492 4493 
4066df 21 API calls 4492->4493 4494 404f4b 4493->4494 4495 4066df 21 API calls 4494->4495 4496 404f56 4495->4496 4497 4066df 21 API calls 4496->4497 4498 404f6c lstrlenW wsprintfW SetDlgItemTextW 4497->4498 4498->4487 4499 40168f 4500 402dcb 21 API calls 4499->4500 4501 401695 4500->4501 4502 4069ff 2 API calls 4501->4502 4503 40169b 4502->4503 4504 402b10 4505 402da9 21 API calls 4504->4505 4507 402b16 4505->4507 4506 4066df 21 API calls 4508 402953 4506->4508 4507->4506 4507->4508 4509 402711 4510 402da9 21 API calls 4509->4510 4518 402720 4510->4518 4511 40285d 4512 40276a ReadFile 4512->4511 4512->4518 4513 406215 ReadFile 4513->4518 4514 406273 5 API calls 4514->4518 4515 4027aa MultiByteToWideChar 4515->4518 4516 40285f 4522 4065e9 wsprintfW 4516->4522 4518->4511 4518->4512 4518->4513 4518->4514 4518->4515 4518->4516 4519 4027d0 SetFilePointer MultiByteToWideChar 4518->4519 4520 402870 4518->4520 4519->4518 4520->4511 4521 402891 SetFilePointer 4520->4521 4521->4511 4522->4511 4523 404791 lstrlenW 4524 4047b0 4523->4524 4525 4047b2 WideCharToMultiByte 4523->4525 4524->4525 4526 401491 4527 405727 28 API calls 4526->4527 4528 401498 4527->4528 4529 404b12 4530 404b3e 4529->4530 4531 404b4f 4529->4531 4590 405ce6 GetDlgItemTextW 4530->4590 4532 404b5b GetDlgItem 4531->4532 4539 404bba 4531->4539 4534 404b6f 4532->4534 4538 404b83 SetWindowTextW 4534->4538 4542 40601c 4 API calls 4534->4542 4535 404c9e 4588 404e4d 4535->4588 4592 405ce6 GetDlgItemTextW 4535->4592 4536 404b49 4537 406950 5 API calls 4536->4537 4537->4531 4543 404621 22 API calls 4538->4543 4539->4535 4544 4066df 21 API calls 4539->4544 4539->4588 4541 404688 8 API calls 4546 404e61 4541->4546 4547 404b79 4542->4547 4548 404b9f 4543->4548 4549 404c2e SHBrowseForFolderW 4544->4549 4545 404cce 4550 406079 18 API calls 4545->4550 4547->4538 4554 405f71 3 API calls 4547->4554 4551 404621 22 API calls 4548->4551 4549->4535 4552 404c46 CoTaskMemFree 4549->4552 4553 404cd4 4550->4553 4555 404bad 
4551->4555 4556 405f71 3 API calls 4552->4556 4593 4066a2 lstrcpynW 4553->4593 4554->4538 4591 404656 SendMessageW 4555->4591 4558 404c53 4556->4558 4561 404c8a SetDlgItemTextW 4558->4561 4565 4066df 21 API calls 4558->4565 4560 404bb3 4564 406a96 5 API calls 4560->4564 4561->4535 4562 404ceb 4563 406a96 5 API calls 4562->4563 4572 404cf2 4563->4572 4564->4539 4566 404c72 lstrcmpiW 4565->4566 4566->4561 4568 404c83 lstrcatW 4566->4568 4567 404d33 4594 4066a2 lstrcpynW 4567->4594 4568->4561 4570 404d3a 4571 40601c 4 API calls 4570->4571 4573 404d40 GetDiskFreeSpaceW 4571->4573 4572->4567 4576 405fbd 2 API calls 4572->4576 4577 404d8b 4572->4577 4575 404d64 MulDiv 4573->4575 4573->4577 4575->4577 4576->4572 4578 404dfc 4577->4578 4580 404f97 24 API calls 4577->4580 4579 404e1f 4578->4579 4581 40140b 2 API calls 4578->4581 4595 404643 EnableWindow 4579->4595 4582 404de9 4580->4582 4581->4579 4583 404dfe SetDlgItemTextW 4582->4583 4584 404dee 4582->4584 4583->4578 4586 404ece 24 API calls 4584->4586 4586->4578 4587 404e3b 4587->4588 4589 404a6b SendMessageW 4587->4589 4588->4541 4589->4588 4590->4536 4591->4560 4592->4545 4593->4562 4594->4570 4595->4587 3446 401794 3485 402dcb 3446->3485 3448 40179b 3449 4017c3 3448->3449 3450 4017bb 3448->3450 3508 4066a2 lstrcpynW 3449->3508 3507 4066a2 lstrcpynW 3450->3507 3453 4017ce 3455 405f71 3 API calls 3453->3455 3454 4017c1 3457 406950 5 API calls 3454->3457 3456 4017d4 lstrcatW 3455->3456 3456->3454 3475 4017e0 3457->3475 3458 4017e6 3459 4069ff 2 API calls 3458->3459 3462 4017f2 CompareFileTime 3458->3462 3458->3475 3459->3458 3460 40616d 2 API calls 3460->3475 3462->3458 3463 4018b2 3465 405727 28 API calls 3463->3465 3464 401889 3467 405727 28 API calls 3464->3467 3474 40189e 3464->3474 3466 4018bc 3465->3466 3492 403396 3466->3492 3467->3474 3468 4066a2 lstrcpynW 3468->3475 3471 4018e3 SetFileTime 3473 4018f5 CloseHandle 3471->3473 3472 4066df 21 API calls 3472->3475 3473->3474 3476 401906 3473->3476 3475->3458 
3475->3460 3475->3463 3475->3464 3475->3468 3475->3472 3491 406192 GetFileAttributesW CreateFileW 3475->3491 3509 405d02 3475->3509 3477 40190b 3476->3477 3478 40191e 3476->3478 3479 4066df 21 API calls 3477->3479 3480 4066df 21 API calls 3478->3480 3482 401913 lstrcatW 3479->3482 3483 401926 3480->3483 3482->3483 3484 405d02 MessageBoxIndirectW 3483->3484 3484->3474 3486 402dd7 3485->3486 3487 4066df 21 API calls 3486->3487 3488 402df8 3487->3488 3489 402e04 3488->3489 3490 406950 5 API calls 3488->3490 3489->3448 3490->3489 3491->3475 3493 4033c1 3492->3493 3494 4033a5 SetFilePointer 3492->3494 3513 40349e GetTickCount 3493->3513 3494->3493 3497 406215 ReadFile 3498 4033e1 3497->3498 3499 40349e 46 API calls 3498->3499 3501 4018cf 3498->3501 3500 4033f8 3499->3500 3500->3501 3502 403464 ReadFile 3500->3502 3504 403407 3500->3504 3501->3471 3501->3473 3502->3501 3504->3501 3505 406215 ReadFile 3504->3505 3506 406244 WriteFile 3504->3506 3505->3504 3506->3504 3507->3454 3508->3453 3510 405d17 3509->3510 3511 405d63 3510->3511 3512 405d2b MessageBoxIndirectW 3510->3512 3511->3475 3512->3511 3514 4035f6 3513->3514 3515 4034cc 3513->3515 3516 403053 36 API calls 3514->3516 3526 40361d SetFilePointer 3515->3526 3518 4033c8 3516->3518 3518->3497 3518->3501 3519 4034d7 SetFilePointer 3523 4034fc 3519->3523 3523->3518 3524 406244 WriteFile 3523->3524 3525 4035d7 SetFilePointer 3523->3525 3527 403607 3523->3527 3530 406c11 3523->3530 3537 403053 3523->3537 3524->3523 3525->3514 3526->3519 3528 406215 ReadFile 3527->3528 3529 40361a 3528->3529 3529->3523 3531 406c36 3530->3531 3532 406c3e 3530->3532 3531->3523 3532->3531 3533 406cc5 GlobalFree 3532->3533 3534 406cce GlobalAlloc 3532->3534 3535 406d45 GlobalAlloc 3532->3535 3536 406d3c GlobalFree 3532->3536 3533->3534 3534->3531 3534->3532 3535->3531 3535->3532 3536->3535 3538 403064 3537->3538 3539 40307c 3537->3539 3540 403074 3538->3540 3541 40306d DestroyWindow 3538->3541 3542 403084 3539->3542 3543 40308c GetTickCount 
3539->3543 3540->3523 3541->3540 3552 406ad2 3542->3552 3543->3540 3545 40309a 3543->3545 3546 4030a2 3545->3546 3547 4030cf CreateDialogParamW ShowWindow 3545->3547 3546->3540 3556 403037 3546->3556 3547->3540 3549 4030b0 wsprintfW 3550 405727 28 API calls 3549->3550 3551 4030cd 3550->3551 3551->3540 3553 406aef PeekMessageW 3552->3553 3554 406ae5 DispatchMessageW 3553->3554 3555 406aff 3553->3555 3554->3553 3555->3540 3557 403046 3556->3557 3558 403048 MulDiv 3556->3558 3557->3558 3558->3549 4596 401a97 4597 402da9 21 API calls 4596->4597 4598 401aa0 4597->4598 4599 402da9 21 API calls 4598->4599 4600 401a45 4599->4600 4601 401598 4602 4015b1 4601->4602 4603 4015a8 ShowWindow 4601->4603 4604 402c4f 4602->4604 4605 4015bf ShowWindow 4602->4605 4603->4602 4605->4604 4606 402419 4607 402dcb 21 API calls 4606->4607 4608 402428 4607->4608 4609 402dcb 21 API calls 4608->4609 4610 402431 4609->4610 4611 402dcb 21 API calls 4610->4611 4612 40243b GetPrivateProfileStringW 4611->4612 4613 40201b 4614 402dcb 21 API calls 4613->4614 4615 402022 4614->4615 4616 4069ff 2 API calls 4615->4616 4617 402028 4616->4617 4619 402039 4617->4619 4620 4065e9 wsprintfW 4617->4620 4620->4619 4621 40569b 4622 4056ab 4621->4622 4623 4056bf 4621->4623 4624 4056b1 4622->4624 4625 405708 4622->4625 4626 4056c7 IsWindowVisible 4623->4626 4632 4056de 4623->4632 4628 40466d SendMessageW 4624->4628 4627 40570d CallWindowProcW 4625->4627 4626->4625 4629 4056d4 4626->4629 4630 4056bb 4627->4630 4628->4630 4631 404fdc 5 API calls 4629->4631 4631->4632 4632->4627 4633 40505c 4 API calls 4632->4633 4633->4625 4634 401b9c 4635 402dcb 21 API calls 4634->4635 4636 401ba3 4635->4636 4637 402da9 21 API calls 4636->4637 4638 401bac wsprintfW 4637->4638 4639 402c4f 4638->4639 4640 40149e 4641 4023c2 4640->4641 4642 4014ac PostQuitMessage 4640->4642 4642->4641 4643 4016a0 4644 402dcb 21 API calls 4643->4644 4645 4016a7 4644->4645 4646 402dcb 21 API calls 4645->4646 4647 4016b0 4646->4647 4648 402dcb 21 API 
calls 4647->4648 4649 4016b9 MoveFileW 4648->4649 4650 4016cc 4649->4650 4656 4016c5 4649->4656 4652 4069ff 2 API calls 4650->4652 4653 40231b 4650->4653 4651 401423 28 API calls 4651->4653 4654 4016db 4652->4654 4654->4653 4655 406462 40 API calls 4654->4655 4655->4656 4656->4651 4657 404122 4658 40413a 4657->4658 4659 40429b 4657->4659 4658->4659 4660 404146 4658->4660 4661 4042ec 4659->4661 4662 4042ac GetDlgItem GetDlgItem 4659->4662 4664 404151 SetWindowPos 4660->4664 4665 404164 4660->4665 4663 404346 4661->4663 4671 401389 2 API calls 4661->4671 4666 404621 22 API calls 4662->4666 4667 40466d SendMessageW 4663->4667 4683 404296 4663->4683 4664->4665 4668 40416d ShowWindow 4665->4668 4669 4041af 4665->4669 4670 4042d6 SetClassLongW 4666->4670 4718 404358 4667->4718 4672 40418d GetWindowLongW 4668->4672 4695 404259 4668->4695 4673 4041b7 DestroyWindow 4669->4673 4674 4041ce 4669->4674 4675 40140b 2 API calls 4670->4675 4676 40431e 4671->4676 4678 4041a6 ShowWindow 4672->4678 4672->4695 4727 4045aa 4673->4727 4679 4041d3 SetWindowLongW 4674->4679 4680 4041e4 4674->4680 4675->4661 4676->4663 4682 404322 SendMessageW 4676->4682 4677 404688 8 API calls 4677->4683 4678->4669 4679->4683 4681 4041f0 GetDlgItem 4680->4681 4680->4695 4686 404201 SendMessageW IsWindowEnabled 4681->4686 4689 40421e 4681->4689 4682->4683 4684 40140b 2 API calls 4684->4718 4685 4045ac DestroyWindow EndDialog 4685->4727 4686->4683 4686->4689 4687 4045db ShowWindow 4687->4683 4688 4066df 21 API calls 4688->4718 4690 40422b 4689->4690 4692 404272 SendMessageW 4689->4692 4693 40423e 4689->4693 4700 404223 4689->4700 4690->4692 4690->4700 4691 404621 22 API calls 4691->4718 4692->4695 4696 404246 4693->4696 4697 40425b 4693->4697 4694 4045fa SendMessageW 4694->4695 4695->4677 4699 40140b 2 API calls 4696->4699 4698 40140b 2 API calls 4697->4698 4698->4700 4699->4700 4700->4694 4700->4695 4701 404621 22 API calls 4702 4043d3 GetDlgItem 4701->4702 4703 4043f0 ShowWindow EnableWindow 4702->4703 
4704 4043e8 4702->4704 4728 404643 EnableWindow 4703->4728 4704->4703 4706 40441a EnableWindow 4711 40442e 4706->4711 4707 404433 GetSystemMenu EnableMenuItem SendMessageW 4708 404463 SendMessageW 4707->4708 4707->4711 4708->4711 4710 404103 22 API calls 4710->4711 4711->4707 4711->4710 4729 404656 SendMessageW 4711->4729 4730 4066a2 lstrcpynW 4711->4730 4713 404492 lstrlenW 4714 4066df 21 API calls 4713->4714 4715 4044a8 SetWindowTextW 4714->4715 4716 401389 2 API calls 4715->4716 4716->4718 4717 4044ec DestroyWindow 4719 404506 CreateDialogParamW 4717->4719 4717->4727 4718->4683 4718->4684 4718->4685 4718->4688 4718->4691 4718->4701 4718->4717 4720 404539 4719->4720 4719->4727 4721 404621 22 API calls 4720->4721 4722 404544 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4721->4722 4723 401389 2 API calls 4722->4723 4724 40458a 4723->4724 4724->4683 4725 404592 ShowWindow 4724->4725 4726 40466d SendMessageW 4725->4726 4726->4727 4727->4683 4727->4687 4728->4706 4729->4711 4730->4713 4731 401a24 4732 402dcb 21 API calls 4731->4732 4733 401a2b 4732->4733 4734 402dcb 21 API calls 4733->4734 4735 401a34 4734->4735 4736 401a3b lstrcmpiW 4735->4736 4737 401a4d lstrcmpW 4735->4737 4738 401a41 4736->4738 4737->4738 4739 402324 4740 402dcb 21 API calls 4739->4740 4741 40232a 4740->4741 4742 402dcb 21 API calls 4741->4742 4743 402333 4742->4743 4744 402dcb 21 API calls 4743->4744 4745 40233c 4744->4745 4746 4069ff 2 API calls 4745->4746 4747 402345 4746->4747 4748 402356 lstrlenW lstrlenW 4747->4748 4752 402349 4747->4752 4750 405727 28 API calls 4748->4750 4749 405727 28 API calls 4753 402351 4749->4753 4751 402394 SHFileOperationW 4750->4751 4751->4752 4751->4753 4752->4749 4752->4753 4761 401da6 4762 401db9 GetDlgItem 4761->4762 4763 401dac 4761->4763 4765 401db3 4762->4765 4764 402da9 21 API calls 4763->4764 4764->4765 4766 401dfa GetClientRect LoadImageW SendMessageW 4765->4766 4767 402dcb 21 API calls 4765->4767 4769 401e58 4766->4769 4771 401e64 4766->4771 
4767->4766 4770 401e5d DeleteObject 4769->4770 4769->4771 4770->4771 4772 4023a8 4773 4023c2 4772->4773 4774 4023af 4772->4774 4775 4066df 21 API calls 4774->4775 4776 4023bc 4775->4776 4777 405d02 MessageBoxIndirectW 4776->4777 4777->4773 4778 402c2a SendMessageW 4779 402c44 InvalidateRect 4778->4779 4780 402c4f 4778->4780 4779->4780 4781 4024af 4782 402dcb 21 API calls 4781->4782 4783 4024c1 4782->4783 4784 402dcb 21 API calls 4783->4784 4785 4024cb 4784->4785 4798 402e5b 4785->4798 4788 402953 4789 402503 4791 40250f 4789->4791 4793 402da9 21 API calls 4789->4793 4790 402dcb 21 API calls 4792 4024f9 lstrlenW 4790->4792 4794 40252e RegSetValueExW 4791->4794 4796 403396 48 API calls 4791->4796 4792->4789 4793->4791 4795 402544 RegCloseKey 4794->4795 4795->4788 4796->4794 4799 402e76 4798->4799 4802 40653d 4799->4802 4803 40654c 4802->4803 4804 4024db 4803->4804 4805 406557 RegCreateKeyExW 4803->4805 4804->4788 4804->4789 4804->4790 4805->4804 4806 402930 4807 402dcb 21 API calls 4806->4807 4808 402937 FindFirstFileW 4807->4808 4809 40295f 4808->4809 4813 40294a 4808->4813 4810 402968 4809->4810 4814 4065e9 wsprintfW 4809->4814 4815 4066a2 lstrcpynW 4810->4815 4814->4810 4815->4813 4816 401931 4817 401968 4816->4817 4818 402dcb 21 API calls 4817->4818 4819 40196d 4818->4819 4820 405dae 71 API calls 4819->4820 4821 401976 4820->4821 4822 403d32 4823 403d3d 4822->4823 4824 403d41 4823->4824 4825 403d44 GlobalAlloc 4823->4825 4825->4824 4833 401934 4834 402dcb 21 API calls 4833->4834 4835 40193b 4834->4835 4836 405d02 MessageBoxIndirectW 4835->4836 4837 401944 4836->4837 4838 4028b6 4839 4028bd 4838->4839 4840 402bce 4838->4840 4841 402da9 21 API calls 4839->4841 4842 4028c4 4841->4842 4843 4028d3 SetFilePointer 4842->4843 4843->4840 4844 4028e3 4843->4844 4846 4065e9 wsprintfW 4844->4846 4846->4840 4847 401f37 4848 402dcb 21 API calls 4847->4848 4849 401f3d 4848->4849 4850 402dcb 21 API calls 4849->4850 4851 401f46 4850->4851 4852 402dcb 21 API calls 4851->4852 4853 
401f4f 4852->4853 4854 402dcb 21 API calls 4853->4854 4855 401f58 4854->4855 4856 401423 28 API calls 4855->4856 4857 401f5f 4856->4857 4864 405cc8 ShellExecuteExW 4857->4864 4859 401fa7 4860 406b41 5 API calls 4859->4860 4861 402953 4859->4861 4862 401fc4 CloseHandle 4860->4862 4862->4861 4864->4859 4865 402fb8 4866 402fca SetTimer 4865->4866 4868 402fe3 4865->4868 4866->4868 4867 403031 4868->4867 4869 403037 MulDiv 4868->4869 4870 402ff1 wsprintfW SetWindowTextW SetDlgItemTextW 4869->4870 4870->4867 4872 4014b8 4873 4014be 4872->4873 4874 401389 2 API calls 4873->4874 4875 4014c6 4874->4875 4876 401d3c 4877 402da9 21 API calls 4876->4877 4878 401d42 IsWindow 4877->4878 4879 401a45 4878->4879

Control-flow Graph

• Executed
• Not Executed

control_flow_graph: basic-block and edge data for the function at 0x403665 (blocks 0x403665 to 0x403c7c), drawn as a graph in the interactive report with executed and not-executed blocks coloured per the legend above; the raw block/edge list is not reproduced here. The blocks reference these APIs: SetErrorMode, GetVersionExW, lstrlenA, COMCTL32 ordinal #17, OleInitialize, SHGetFileInfoW, GetCommandLineW, CharNextW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, SetEnvironmentVariableW, DeleteFileW, ExitProcess, CoUninitialize, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, wsprintfW, GetFileAttributesW, SetCurrentDirectoryW, CopyFileW, CloseHandle, plus the internal subroutines 0x406a96, 0x406a26, 0x4066a2, 0x405f9e, 0x403634, 0x4030f5, 0x405d02, 0x403d74, 0x406079, 0x405c6d, 0x4066df, 0x405bf6, 0x405c50, 0x406462, 0x405c85, 0x405dae, 0x4069ff and 0x40140b.
APIs
• SetErrorMode.KERNELBASE ref: 00403688
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 004036B3
• GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 004036C6
• lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040375F
• #17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040379C
• OleInitialize.OLE32(00000000), ref: 004037A3
• SHGetFileInfoW.SHELL32(00420F08,00000000,?,000002B4,00000000), ref: 004037C2
• GetCommandLineW.KERNEL32(00428A60,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004037D7
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\DHzscd9uqT.exe",00000020,"C:\Users\user\Desktop\DHzscd9uqT.exe",00000000,?,00000008,0000000A,0000000C), ref: 00403810
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403948
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403959
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403965
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403979
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403981
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403992
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040399A
• DeleteFileW.KERNELBASE(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004039AE
• lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\DHzscd9uqT.exe",00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A87
  • Part of subcall function 004066A2: lstrcpynW.KERNEL32(?,?,00000400,004037D7,00428A60,NSIS Error,?,00000008,0000000A,0000000C), ref: 004066AF
• wsprintfW.USER32 ref: 00403AE4
• GetFileAttributesW.KERNEL32(0042C800,C:\Users\user\AppData\Local\Temp\), ref: 00403B17
• DeleteFileW.KERNEL32(0042C800), ref: 00403B23
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403B51
  • Part of subcall function 00406462: MoveFileExW.KERNEL32(?,?,00000005,00405F60,?,00000000,000000F1,?,?,?,?,?), ref: 0040646C
• CopyFileW.KERNEL32(00437800,0042C800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403B67
  • Part of subcall function 00405C85: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405CAE
  • Part of subcall function 00405C85: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405CBB
  • Part of subcall function 004069FF: FindFirstFileW.KERNEL32(?,00425F98,00425750,004060C2,00425750,00425750,00000000,00425750,00425750, 4#v.#v,?,76232EE0,00405DCE,?,76233420,76232EE0), ref: 00406A0A
  • Part of subcall function 004069FF: FindClose.KERNEL32(00000000), ref: 00406A16
                                                                                                                                                                                                              • ExitProcess.KERNEL32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BB0
                                                                                                                                                                                                              • CoUninitialize.COMBASE(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BB5
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403BD2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,0042D000,0042D000,?,0042C800,00000000), ref: 00403BD9
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403BF5
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403BFC
                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403C11
                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403C34
                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403C59
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403C7C
                                                                                                                                                                                                                • Part of subcall function 00405C50: CreateDirectoryW.KERNELBASE(?,00000000,00403658,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 00405C56
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Process$Exit$CloseDirectory$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\DHzscd9uqT.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\Desktop$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
                                                                                                                                                                                                              • API String ID: 2017177436-2580930593
                                                                                                                                                                                                              • Opcode ID: c8ecde8f5fb7b88eef3e6f1086e617b0db5a8797377003ade68e27393331e950
                                                                                                                                                                                                              • Instruction ID: 48c25345ab5c6186891d52a8fabce3a967a0262862fdddf466c19d710b4311b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8ecde8f5fb7b88eef3e6f1086e617b0db5a8797377003ade68e27393331e950
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EDF1E571604301AAD720AF659D05B2B7EE8EB8570AF10483EF581B22D1DB7CDA45CB6E
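The entries above are the NSIS stub's temp-file handling, drop-and-execute path (CopyFileW followed by CreateProcessW in the subcall at 00405C85) and reboot-flag path (OpenProcessToken, LookupPrivilegeValueW with SeShutdownPrivilege, AdjustTokenPrivileges, ExitWindowsEx). The following Python is an added example, not code from Joe Sandbox or from the sample: it parses entries in the listing format shown on this page and flags those two ordered call chains, decoding the ExitWindowsEx arguments with the documented Win32 EWX_* and SHTDN_REASON_* constants. The sample listing inside the block is constructed by copying entries from above; the tolerance of "?" for unknown argument values and the comma splitting of arguments are assumptions about how the report prints them.

```python
"""Sequence triage of a Joe Sandbox static API listing (added example, not report code).

Entries look like "• API.MODULE(arg,...), ref: ADDR", optionally prefixed with
"Part of subcall function XXXXXXXX:". Two ordered chains are flagged: a file
copy/write followed by CreateProcessW, and the SeShutdownPrivilege chain ending
in ExitWindowsEx, whose arguments are decoded with the Win32 constants.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

ENTRY_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"  # argument list is optional ("wsprintfW.USER32 ref: ...")
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8}))?\s*$")


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: Tuple[str, ...]      # argument text as printed; "?" marks an unknown value
    ref: Optional[str]         # address of the call instruction
    subcall_of: Optional[str]  # callee address for "Part of subcall" entries


def parse_listing(text: str):
    """Return the ApiCall entries of a listing; lines that are not entries are ignored."""
    calls = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        # Split on commas as the report prints them (assumption: a comma inside a
        # string argument, which is rare in these listings, is acceptable collateral).
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref"), m.group("sub")))
    return calls


def find_sequence(calls, steps):
    """Match steps (accepted API names, optional predicate) in listing order, not
    necessarily adjacently, since unrelated calls sit between them. Returns the
    matched calls, or None if some step never occurs after the previous one."""
    matched, it = [], iter(calls)
    for names, pred in steps:
        for c in it:
            if c.api in names and (pred is None or pred(c)):
                matched.append(c)
                break
        else:
            return None
    return matched


DROP_AND_EXECUTE = [(frozenset({"CopyFileW", "MoveFileExW", "WriteFile"}), None),
                    (frozenset({"CreateProcessW", "CreateProcessA"}), None)]
PRIVILEGED_REBOOT = [(frozenset({"OpenProcessToken"}), None),
                     (frozenset({"LookupPrivilegeValueW", "LookupPrivilegeValueA"}),
                      lambda c: "SeShutdownPrivilege" in c.args),
                     (frozenset({"AdjustTokenPrivileges"}), None),
                     (frozenset({"ExitWindowsEx"}), None)]

# Win32 constants (winuser.h, reason.h) for decoding ExitWindowsEx(uFlags, dwReason).
EWX_FLAGS = {0x1: "EWX_SHUTDOWN", 0x2: "EWX_REBOOT", 0x4: "EWX_FORCE", 0x8: "EWX_POWEROFF"}
SHTDN_MAJOR = {0x20000: "SHTDN_REASON_MAJOR_OPERATINGSYSTEM", 0x30000: "SHTDN_REASON_MAJOR_SOFTWARE",
               0x40000: "SHTDN_REASON_MAJOR_APPLICATION", 0x50000: "SHTDN_REASON_MAJOR_SYSTEM"}
SHTDN_MINOR = {0x1: "SHTDN_REASON_MINOR_MAINTENANCE", 0x2: "SHTDN_REASON_MINOR_INSTALLATION",
               0x3: "SHTDN_REASON_MINOR_UPGRADE", 0x4: "SHTDN_REASON_MINOR_RECONFIG"}


def decode_exit_windows_ex(call):
    """Decode uFlags/dwReason of an ExitWindowsEx entry; None when they are unknown ("?")."""
    try:
        flags, reason = int(call.args[0], 16), int(call.args[1], 16)
    except (IndexError, ValueError):
        return None
    return {"mode": "|".join(n for b, n in EWX_FLAGS.items() if flags & b) or "EWX_LOGOFF",
            "planned": bool(reason & 0x80000000),  # SHTDN_REASON_FLAG_PLANNED
            "major": SHTDN_MAJOR.get(reason & 0x00FF0000, "0x%08X" % (reason & 0x00FF0000)),
            "minor": SHTDN_MINOR.get(reason & 0x0000FFFF, "0x%08X" % (reason & 0x0000FFFF))}


def triage(text: str):
    """Return the behaviours found in a listing keyed by name (empty dict if none)."""
    calls, findings = parse_listing(text), {}
    hit = find_sequence(calls, DROP_AND_EXECUTE)
    if hit:
        findings["drop_and_execute"] = tuple(c.api for c in hit)
    hit = find_sequence(calls, PRIVILEGED_REBOOT)
    if hit:
        findings["privileged_reboot"] = decode_exit_windows_ex(hit[-1])
    return findings


# Constructed sample: entries copied from the function listing above.
SAMPLE_LISTING = r"""
• CopyFileW.KERNEL32(00437800,0042C800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403B67
  • Part of subcall function 00405C85: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405CAE
• ExitProcess.KERNEL32 ref: 00403BD2
• OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403BFC
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403C11
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403C34
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403C59
"""
```

`triage(SAMPLE_LISTING)` reports both chains. The decoded reason 0x80040002 is planned, major APPLICATION, minor INSTALLATION with mode EWX_REBOOT, which is the reboot reason a stock NSIS stub passes when its reboot flag is set (the strings NSIS Error and ~nsu%X.tmp in this function identify the stub). The chain therefore substantiates the "shutdown / reboot" signature but does not by itself separate this dropper from a benign installer; the STRRAT verdict rests on the dropped Java payload, not on this function.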

Control-flow Graph
Graph of the function at 0x406dc0 (basic blocks 406dc0 to 40765b); the rendered graph and its edge list are omitted here. The only API calls reached from this graph are GlobalFree (blocks 406cc5 and 406d3c) and GlobalAlloc (blocks 406cce and 406d45); no API ID or strings are recorded for this function below.
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f9c4c7fe21643fbeaf7e138ee869f294de0f5e1fd31501e9972d14a61e44697c
• Instruction ID: 2c84522690a72e7b125efbdd79dcce5a6d58b8fc95eff680b6a5e34cc787ad25
• Opcode Fuzzy Hash: f9c4c7fe21643fbeaf7e138ee869f294de0f5e1fd31501e9972d14a61e44697c
• Instruction Fuzzy Hash: 5EF17670D04229CBDF28CFA8C8946ADBBB1FF44305F24856ED456BB281D7786A86CF45

Control-flow Graph
Graph of the function at 0x403d74 (basic blocks 403d74 to 404049); the rendered graph and its edge list are omitted here. Besides the APIs listed below, the graph shows calls into the subroutines at 406a96, 4065e9, 406570, 40404a, 406079, 4066df, 405f9e, 40140b, 405f71, 4066a2, 405fbd, 406a26, 4057fa and 403cc4.
APIs
  • Part of subcall function 00406A96: GetModuleHandleA.KERNEL32(?,00000020,?,00403775,0000000C,?,?,?,?,?,?,?,?), ref: 00406AA8
  • Part of subcall function 00406A96: GetProcAddress.KERNEL32(00000000,?), ref: 00406AC3
• lstrcatW.KERNEL32(1033,00422F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F48,00000000,00000002,76233420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\DHzscd9uqT.exe",00008001), ref: 00403DF5
• lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,C:\Users\user\AppData\Roaming\InstallerPDW,1033,00422F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F48,00000000,00000002,76233420), ref: 00403E75
• lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,C:\Users\user\AppData\Roaming\InstallerPDW,1033,00422F48,80000001,Control Panel\Desktop\ResourceLocale,00000000,00422F48,00000000), ref: 00403E88
• GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00403E93
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\InstallerPDW), ref: 00403EDC
  • Part of subcall function 004065E9: wsprintfW.USER32 ref: 004065F6
• RegisterClassW.USER32(00428A00), ref: 00403F19
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403F31
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F66
• ShowWindow.USER32(00000005,00000000), ref: 00403F9C
• GetClassInfoW.USER32(00000000,RichEdit20W,00428A00), ref: 00403FC8
• GetClassInfoW.USER32(00000000,RichEdit,00428A00), ref: 00403FD5
• RegisterClassW.USER32(00428A00), ref: 00403FDE
• DialogBoxParamW.USER32(?,00000000,00404122,00000000), ref: 00403FFD
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: "C:\Users\user\Desktop\DHzscd9uqT.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$Control Panel\Desktop\ResourceLocale$H/B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
• API String ID: 1975747703-3125531373
• Opcode ID: 88ce8c9e08653c8c77508e3d04e35fbea88059d5690854b4a695da9470a7d88c
• Instruction ID: c4c704bd5297fd73affe36db923882850e9d0fe41f98d1713f1e709c6875f219
• Opcode Fuzzy Hash: 88ce8c9e08653c8c77508e3d04e35fbea88059d5690854b4a695da9470a7d88c
• Instruction Fuzzy Hash: E061C670240701BAD620AB66AD46F2B3A7CEB85745F41453FF941B22E2DF7D5D02CA2D

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 223 4030f5-403143 GetTickCount GetModuleFileNameW call 406192 226 403145-40314a 223->226 227 40314f-40317d call 4066a2 call 405fbd call 4066a2 GetFileSize 223->227 228 40338f-403393 226->228 235 403183 227->235 236 403268-403276 call 403053 227->236 238 403188-40319f 235->238 242 403347-40334c 236->242 243 40327c-40327f 236->243 240 4031a1 238->240 241 4031a3-4031ac call 403607 238->241 240->241 248 4031b2-4031b9 241->248 249 403303-40330b call 403053 241->249 242->228 246 403281-403299 call 40361d call 403607 243->246 247 4032ab-4032f7 GlobalAlloc call 406bf1 call 4061c1 CreateFileW 243->247 246->242 270 40329f-4032a5 246->270 274 4032f9-4032fe 247->274 275 40330d-40333d call 40361d call 403396 247->275 252 403235-403239 248->252 253 4031bb-4031cf call 40614d 248->253 249->242 260 403243-403249 252->260 261 40323b-403242 call 403053 252->261 253->260 272 4031d1-4031d8 253->272 265 403258-403260 260->265 266 40324b-403255 call 406b83 260->266 261->260 265->238 273 403266 265->273 266->265 270->242 270->247 272->260 277 4031da-4031e1 272->277 273->236 274->228 284 403342-403345 275->284 277->260 279 4031e3-4031ea 277->279 279->260 281 4031ec-4031f3 279->281 281->260 283 4031f5-403215 281->283 283->242 286 40321b-40321f 283->286 284->242 285 40334e-40335f 284->285 287 403361 285->287 288 403367-40336c 285->288 289 403221-403225 286->289 290 403227-40322f 286->290 287->288 291 40336d-403373 288->291 289->273 289->290 290->260 292 403231-403233 290->292 291->291 293 403375-40338d call 40614d 291->293 292->260 293->228
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403109
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,00437800,00000400), ref: 00403125
                                                                                                                                                                                                                • Part of subcall function 00406192: GetFileAttributesW.KERNELBASE(00000003,00403138,00437800,80000000,00000003), ref: 00406196
                                                                                                                                                                                                                • Part of subcall function 00406192: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004061B8
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 0040316E
                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00008001), ref: 004032B0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004032F9
                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403347
                                                                                                                                                                                                              • Inst, xrefs: 004031DA
                                                                                                                                                                                                              • Null, xrefs: 004031EC
                                                                                                                                                                                                              • soft, xrefs: 004031E3
                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004030FF, 004032C8
                                                                                                                                                                                                              • C:\Users\user\Desktop, xrefs: 00403150, 00403155, 0040315B
                                                                                                                                                                                                              • Error launching installer, xrefs: 00403145
                                                                                                                                                                                                              • "C:\Users\user\Desktop\DHzscd9uqT.exe", xrefs: 004030FE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\DHzscd9uqT.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                              • API String ID: 2803837635-4289299796
                                                                                                                                                                                                              • Opcode ID: e25ddccf2931d554cf8ae4c0c3bfc4e86d8fe1291d5fc5cd744d09a7651939d3
                                                                                                                                                                                                              • Instruction ID: 4d59aa34fe8aef517225e0e03f455ac639a07fb2fd098cfe03fbce1fe051b31e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e25ddccf2931d554cf8ae4c0c3bfc4e86d8fe1291d5fc5cd744d09a7651939d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4671D071A00204ABDB20DFA4DD86BAE3EACAB04715F20457FE915B72C1CB789F418B5C

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 296 4066df-4066e8 297 4066ea-4066f9 296->297 298 4066fb-406715 296->298 297->298 299 406925-40692b 298->299 300 40671b-406727 298->300 302 406931-40693e 299->302 303 406739-406746 299->303 300->299 301 40672d-406734 300->301 301->299 305 406940-406945 call 4066a2 302->305 306 40694a-40694d 302->306 303->302 304 40674c-406755 303->304 307 406912 304->307 308 40675b-40679e 304->308 305->306 310 406920-406923 307->310 311 406914-40691e 307->311 312 4067a4-4067b0 308->312 313 4068b6-4068ba 308->313 310->299 311->299 314 4067b2 312->314 315 4067ba-4067bc 312->315 316 4068bc-4068c3 313->316 317 4068ee-4068f2 313->317 314->315 320 4067f6-4067f9 315->320 321 4067be-4067e4 call 406570 315->321 318 4068d3-4068df call 4066a2 316->318 319 4068c5-4068d1 call 4065e9 316->319 322 406902-406910 lstrlenW 317->322 323 4068f4-4068fd call 4066df 317->323 335 4068e4-4068ea 318->335 319->335 328 4067fb-406807 GetSystemDirectoryW 320->328 329 40680c-40680f 320->329 337 40689e-4068a1 321->337 339 4067ea-4067f1 call 4066df 321->339 322->299 323->322 330 406899-40689c 328->330 331 406821-406825 329->331 332 406811-40681d GetWindowsDirectoryW 329->332 336 4068ae-4068b4 call 406950 330->336 330->337 331->330 338 406827-406845 331->338 332->331 335->322 340 4068ec 335->340 336->322 337->336 341 4068a3-4068a9 lstrcatW 337->341 343 406847-40684d 338->343 344 406859-406871 call 406a96 338->344 339->330 340->336 341->336 349 406855-406857 343->349 353 406873-406886 SHGetPathFromIDListW CoTaskMemFree 344->353 354 406888-406891 344->354 349->344 351 406893-406897 349->351 351->330 353->351 353->354 354->338 354->351
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000400), ref: 00406801
                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000400,00000000,00421F28,?,?,00000000,00000000,00000000,00000000), ref: 00406817
                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00406875
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 0040687E
                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,\Microsoft\Internet Explorer\Quick Launch,00000000,00421F28,?,?,00000000,00000000,00000000,00000000), ref: 004068A9
                                                                                                                                                                                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,00421F28,?,?,00000000,00000000,00000000,00000000), ref: 00406903
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                              • API String ID: 4024019347-4113998796
                                                                                                                                                                                                              • Opcode ID: 6f2761d7cb5587a470c052371fa5fb6b0836c691dcd2ac77b9ed8a87730eab65
                                                                                                                                                                                                              • Instruction ID: c05bc8db6a500faa8ceae89892d654845b9b7d80f8daaf315b7a9d2c48b59061
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f2761d7cb5587a470c052371fa5fb6b0836c691dcd2ac77b9ed8a87730eab65
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE6147B2A053019BEB20AF24DC84B6B77D8AF54314F26453FF587B26D0DA3C8961875E

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 355 401794-4017b9 call 402dcb call 405fe8 360 4017c3-4017d5 call 4066a2 call 405f71 lstrcatW 355->360 361 4017bb-4017c1 call 4066a2 355->361 366 4017da-4017db call 406950 360->366 361->366 370 4017e0-4017e4 366->370 371 4017e6-4017f0 call 4069ff 370->371 372 401817-40181a 370->372 379 401802-401814 371->379 380 4017f2-401800 CompareFileTime 371->380 374 401822-40183e call 406192 372->374 375 40181c-40181d call 40616d 372->375 382 401840-401843 374->382 383 4018b2-4018db call 405727 call 403396 374->383 375->374 379->372 380->379 384 401894-40189e call 405727 382->384 385 401845-401883 call 4066a2 * 2 call 4066df call 4066a2 call 405d02 382->385 395 4018e3-4018ef SetFileTime 383->395 396 4018dd-4018e1 383->396 397 4018a7-4018ad 384->397 385->370 417 401889-40188a 385->417 400 4018f5-401900 CloseHandle 395->400 396->395 396->400 401 402c58 397->401 404 401906-401909 400->404 405 402c4f-402c52 400->405 402 402c5a-402c5e 401->402 407 40190b-40191c call 4066df lstrcatW 404->407 408 40191e-401921 call 4066df 404->408 405->401 414 401926-4023c7 call 405d02 407->414 408->414 414->402 421 402953-40295a 414->421 417->397 419 40188c-40188d 417->419 419->384 421->405
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00000000,00000000,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,C:\Users\user\AppData\Roaming\InstallerPDW,?,?,00000031), ref: 004017FA
                                                                                                                                                                                                                • Part of subcall function 004066A2: lstrcpynW.KERNEL32(?,?,00000400,004037D7,00428A60,NSIS Error,?,00000008,0000000A,0000000C), ref: 004066AF
                                                                                                                                                                                                                • Part of subcall function 00405727: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 0040575F
                                                                                                                                                                                                                • Part of subcall function 00405727: lstrlenW.KERNEL32(004030CD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 0040576F
                                                                                                                                                                                                                • Part of subcall function 00405727: lstrcatW.KERNEL32(00421F28,004030CD,004030CD,00421F28,00000000,00000000,00000000), ref: 00405782
                                                                                                                                                                                                                • Part of subcall function 00405727: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405794
                                                                                                                                                                                                                • Part of subcall function 00405727: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057BA
                                                                                                                                                                                                                • Part of subcall function 00405727: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057D4
                                                                                                                                                                                                                • Part of subcall function 00405727: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                               • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                                                                                                                                              • API String ID: 1941528284-2540690755
                                                                                                                                                                                                              • Opcode ID: 35c3f6a2f7561330f216546da6f00e51e59c92991de695342cfad82cb0a0900a
                                                                                                                                                                                                              • Instruction ID: adf8bb8e975ebc770d7c27afbe064fe35cfd0cbf1071ecc95f96a86e7a4b9e55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35c3f6a2f7561330f216546da6f00e51e59c92991de695342cfad82cb0a0900a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A41C671900105BACF117BA5CD85DAE3A79EF45368F21823FF422B10E1D73D8E91AA2D

Control-flow Graph
control_flow_graph 422 406a26-406a46 GetSystemDirectoryW 423 406a48 422->423 424 406a4a-406a4c 422->424 423->424 425 406a5d-406a5f 424->425 426 406a4e-406a57 424->426 428 406a60-406a93 wsprintfW LoadLibraryExW 425->428 426->425 427 406a59-406a5b 426->427 427->428
APIs
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406A3D
• wsprintfW.USER32 ref: 00406A78
• LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A8C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: DirectoryLibraryLoadSystemwsprintf
• String ID: %s%S.dll$UXTHEME
• API String ID: 2200240437-1106614640
• Opcode ID: bea2c3dfad6db3553b24c87bd1a60070de232aee380c5cee9c100d0800ee2260
• Instruction ID: 2c328a31db22aac531adf2f34800fe5ee0562984a44f040f64af452ff7173633
• Opcode Fuzzy Hash: bea2c3dfad6db3553b24c87bd1a60070de232aee380c5cee9c100d0800ee2260
• Instruction Fuzzy Hash: 36F0FC3060011967CF14BB64DD0EF9B375C9B01704F10847AA546F10D0EB789668CF98

Control-flow Graph
control_flow_graph 429 4061c1-4061cd 430 4061ce-406202 GetTickCount GetTempFileNameW 429->430 431 406211-406213 430->431 432 406204-406206 430->432 433 40620b-40620e 431->433 432->430 434 406208 432->434 434->433
APIs
• GetTickCount.KERNEL32 ref: 004061DF
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403663,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F), ref: 004061FA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: C:\Users\user\AppData\Local\Temp\$nsa
• API String ID: 1716503409-1857211195
• Opcode ID: ca4f867381b256d976a036b4ee2479ffffcb38332db50c9e5a73bf50e74bc53e
• Instruction ID: f348173cd445ce0cff63ab1922c44f7ab34be52ec2d52f6d3f60174017d9ed76
• Opcode Fuzzy Hash: ca4f867381b256d976a036b4ee2479ffffcb38332db50c9e5a73bf50e74bc53e
• Instruction Fuzzy Hash: 3BF06D76701204BBEB109B59DD05E9AB7A8EBA1710F11803EEA01A6240E6B099648764
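
The two control_flow_graph records above (the UXTHEME loader at 0x406a26 and the temp-file name generator at 0x4061c1) encode the same basic blocks and edges that the rendered graph image shows, but as one long token string. The parser below is an added example, not part of the Joe Sandbox report or of its IDA plugin; the token grammar (node id, then its address range, then API names; `call <addr>` for internal calls; `N->M` for edges) is inferred from the lines on this page and is an assumption. It rebuilds each graph, reports the function's entry and exit blocks, and lists the API calls that sit inside a loop, which is how one reads off that the second graph's back edge 432->430 places GetTickCount and GetTempFileNameW in a loop.

```python
"""Parse the 'control_flow_graph ...' lines emitted by the Joe Sandbox IDA plugin.

Added example; the grammar is inferred from the lines in this report, not from a
published specification (assumption)."""
import re
from dataclasses import dataclass, field

# Graph lines copied verbatim from the report: the UXTHEME loader at 0x406a26
# and the temp-file name generator at 0x4061c1.
CFG_LOADLIB = ("control_flow_graph 422 406a26-406a46 GetSystemDirectoryW 423 406a48 "
               "422->423 424 406a4a-406a4c 422->424 423->424 425 406a5d-406a5f "
               "424->425 426 406a4e-406a57 424->426 428 406a60-406a93 wsprintfW "
               "LoadLibraryExW 425->428 426->425 427 406a59-406a5b 426->427 427->428")
CFG_TEMPFILE = ("control_flow_graph 429 4061c1-4061cd 430 4061ce-406202 GetTickCount "
                "GetTempFileNameW 429->430 431 406211-406213 430->431 432 406204-406206 "
                "430->432 433 40620b-40620e 431->433 432->430 434 406208 432->434 434->433")

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
ADDR_RE = re.compile(r"^[0-9a-f]+(?:-[0-9a-f]+)?$")   # 'start-end' or a single address


@dataclass
class Block:
    node: int                                   # graph node id (decimal)
    start: int                                  # first instruction address
    end: int                                    # last instruction address (== start for one-insn blocks)
    apis: list = field(default_factory=list)    # imported APIs called from this block
    calls: list = field(default_factory=list)   # 'call <addr>' targets inside the binary


def parse_cfg(text):
    """Return ({node_id: Block}, [(src, dst), ...]) for one graph line.

    A decimal node id is always followed by its address range, so a digits-only
    token is a node id only when an address-like token comes next; 'call' always
    consumes the next token as its hex target (which may itself be all digits)."""
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks, edges, cur, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        edge = EDGE_RE.match(tok)
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            i += 1
        elif tok == "call":
            if cur is None:
                raise ValueError("'call' before any block")
            cur.calls.append(int(tokens[i + 1], 16))
            i += 2
        elif tok.isdigit() and i + 1 < len(tokens) and ADDR_RE.match(tokens[i + 1]):
            lo, _, hi = tokens[i + 1].partition("-")
            cur = Block(int(tok), int(lo, 16), int(hi or lo, 16))
            blocks[cur.node] = cur
            i += 2
        else:
            if cur is None:
                raise ValueError(f"unexpected token {tok!r} before any block")
            cur.apis.append(tok)          # anything else is an API name in the current block
            i += 1
    return blocks, edges


def _successors(edges):
    succ = {}
    for s, d in edges:
        succ.setdefault(s, []).append(d)
    return succ


def entry_blocks(blocks, edges):
    """Blocks with no predecessor: the function entry."""
    targets = {d for _, d in edges}
    return sorted(n for n in blocks if n not in targets)


def exit_blocks(blocks, edges):
    """Blocks with no successor: the function's return paths."""
    sources = {s for s, _ in edges}
    return sorted(n for n in blocks if n not in sources)


def blocks_on_cycles(blocks, edges):
    """Nodes that can reach themselves again, i.e. the body of any loop."""
    succ = _successors(edges)

    def reaches(src, target):
        seen, stack = set(), [src]
        while stack:
            n = stack.pop()
            if n == target:
                return True
            if n not in seen:
                seen.add(n)
                stack.extend(succ.get(n, []))
        return False

    return sorted(n for n in blocks if any(reaches(s, n) for s in succ.get(n, [])))


def looping_apis(text):
    """Sorted API names that are called from inside a loop of the graph."""
    blocks, edges = parse_cfg(text)
    return sorted({api for n in blocks_on_cycles(blocks, edges) for api in blocks[n].apis})


if __name__ == "__main__":
    for name, cfg in (("loader@406a26", CFG_LOADLIB), ("tempfile@4061c1", CFG_TEMPFILE)):
        b, e = parse_cfg(cfg)
        print(name, "entry", entry_blocks(b, e), "exit", exit_blocks(b, e),
              "looping APIs", looping_apis(cfg))
```

Run against the two records, the loader graph is a plain DAG (entry 422, exit 428, no looping APIs), while the temp-file graph reports blocks 430 and 432 on a cycle, so GetTickCount and GetTempFileNameW are reached repeatedly until block 430 takes the 430->431 exit. Any other record on the page can be pasted in unchanged; internal `call` targets are collected separately from imported API names so they do not pollute the API list.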

Control-flow Graph
control_flow_graph 519 4015e6-4015fa call 402dcb call 40601c 524 401656-401659 519->524 525 4015fc-40160f call 405f9e 519->525 527 401688-40231b call 401423 524->527 528 40165b-40167a call 401423 call 4066a2 SetCurrentDirectoryW 524->528 532 401611-401614 525->532 533 401629-40162c call 405c50 525->533 541 402c4f-402c5e 527->541 528->541 545 401680-401683 528->545 532->533 536 401616-40161d call 405c6d 532->536 543 401631-401633 533->543 536->533 550 40161f-401627 call 405bf6 536->550 546 401635-40163a 543->546 547 40164c-401654 543->547 545->541 551 401649 546->551 552 40163c-401647 GetFileAttributesW 546->552 547->524 547->525 550->543 551->547 552->547 552->551
APIs
  • Part of subcall function 0040601C: CharNextW.USER32(?,?,00425750,?,00406090,00425750,00425750, 4#v.#v,?,76232EE0,00405DCE,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 0040602A
  • Part of subcall function 0040601C: CharNextW.USER32(00000000), ref: 0040602F
  • Part of subcall function 0040601C: CharNextW.USER32(00000000), ref: 00406047
• GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040163F
  • Part of subcall function 00405BF6: CreateDirectoryW.KERNEL32(0042C800,?), ref: 00405C38
• SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\InstallerPDW,?,00000000,000000F0), ref: 00401672
Strings
• C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 00401665
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CharNext$Directory$AttributesCreateCurrentFile
• String ID: C:\Users\user\AppData\Roaming\InstallerPDW
• API String ID: 1892508949-3996375116
• Opcode ID: 4f9ce7762f140e92fcfef966fec6f851fe7b9e3b915c8f3601bd4a45b374f6a8
• Instruction ID: af3d40abcb4b92d5c03464ca519eb5fb88e5f0cb8c812bf2788953b75bb9e179
• Opcode Fuzzy Hash: 4f9ce7762f140e92fcfef966fec6f851fe7b9e3b915c8f3601bd4a45b374f6a8
• Instruction Fuzzy Hash: B911B231504514EBDF20AFA5CD4169F36A0EF14368B29493FE942B22F1D63E8981DA5D

Control-flow Graph
control_flow_graph 555 4071f5-4071fb 556 407200-40721e 555->556 557 4071fd-4071ff 555->557 558 4074f1-4074fe 556->558 559 40742c-407441 556->559 557->556 560 407528-40752c 558->560 561 407443-407459 559->561 562 40745b-407471 559->562 563 40758c-40759f 560->563 564 40752e-40754f 560->564 565 407474-40747b 561->565 562->565 570 4074a8-4074ae 563->570 568 407551-407566 564->568 569 407568-40757b 564->569 566 4074a2 565->566 567 40747d-407481 565->567 566->570 571 407630-40763a 567->571 572 407487-40749f 567->572 573 40757e-407585 568->573 569->573 575 406c53 570->575 576 40765b 570->576 579 407646-407659 571->579 572->566 577 407525 573->577 578 407587 573->578 580 406c5a-406c5e 575->580 581 406d9a-406dbb 575->581 582 406cff-406d03 575->582 583 406d6f-406d73 575->583 585 40765e-407662 576->585 577->560 591 40750a-407522 578->591 592 40763c 578->592 579->585 580->579 586 406c64-406c71 580->586 587 406d79-406d8d 583->587 588 4075be-4075c8 583->588 586->576 594 406c77-406cbd 586->594 595 406d90-406d98 587->595 588->579 593 406d25-406d29 589->593 590->579 591->577 592->579 593->582 596 406d2b-406d31 593->596 597 406ce5-406ce7 594->597 598 406cbf-406cc3 594->598 595->581 595->583 599 406d33-406d3a 596->599 600 406d5b-406d6d 596->600 603 406cf5-406cfd 597->603 604 406ce9-406cf3 597->604 601 406cc5-406cc8 GlobalFree 598->601 602 406cce-406cdc GlobalAlloc 598->602 605 406d45-406d55 GlobalAlloc 599->605 606 406d3c-406d3f GlobalFree 599->606 600->595 601->602 602->576 607 406ce2 602->607 603->593 604->603 604->604 605->576 605->600 606->605 607->597
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 8001648312b76757b4dc2f3646509216fc345bf83ee85411accbee75f523ad1d
                                                                                                                                                                                                              • Instruction ID: 24c32228aea39238aae05165091b6f794a4b9b1c66cd55bc1afee76a19a4bada
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8001648312b76757b4dc2f3646509216fc345bf83ee85411accbee75f523ad1d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10A14471E04228DBDF28CFA8C8446ADBBB1FF44305F14856ED856BB281C7786A86DF45

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 608 4073f6-4073fa 609 40741c-407429 608->609 610 4073fc-4074fe 608->610 611 40742c-407441 609->611 620 407528-40752c 610->620 614 407443-407459 611->614 615 40745b-407471 611->615 617 407474-40747b 614->617 615->617 618 4074a2 617->618 619 40747d-407481 617->619 625 4074a8-4074ae 618->625 621 407630-40763a 619->621 622 407487-40749f 619->622 623 40758c-40759f 620->623 624 40752e-40754f 620->624 629 407646-407659 621->629 622->618 623->625 626 407551-407566 624->626 627 407568-40757b 624->627 630 406c53 625->630 631 40765b 625->631 632 40757e-407585 626->632 627->632 633 40765e-407662 629->633 634 406c5a-406c5e 630->634 635 406d9a-406dbb 630->635 636 406cff-406d03 630->636 637 406d6f-406d73 630->637 631->633 638 407525 632->638 639 407587 632->639 634->629 640 406c64-406c71 634->640 635->611 644 406d09-406d22 636->644 645 4075af-4075b9 636->645 641 406d79-406d8d 637->641 642 4075be-4075c8 637->642 638->620 649 40750a-407522 639->649 650 40763c 639->650 640->631 647 406c77-406cbd 640->647 648 406d90-406d98 641->648 642->629 646 406d25-406d29 644->646 645->629 646->636 651 406d2b-406d31 646->651 652 406ce5-406ce7 647->652 653 406cbf-406cc3 647->653 648->635 648->637 649->638 650->629 654 406d33-406d3a 651->654 655 406d5b-406d6d 651->655 658 406cf5-406cfd 652->658 659 406ce9-406cf3 652->659 656 406cc5-406cc8 GlobalFree 653->656 657 406cce-406cdc GlobalAlloc 653->657 660 406d45-406d55 GlobalAlloc 654->660 661 406d3c-406d3f GlobalFree 654->661 655->648 656->657 657->631 662 406ce2 657->662 658->646 659->658 659->659 660->631 660->655 661->660 662->652
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2384488d3f0122d52eec19d06177794e899fdfc3e1a025a719282f78321e7206
• Instruction ID: b8cb9ce97df986fef79018f719ec18ee870a51f75f9c549f23c9243a2682c43e
• Opcode Fuzzy Hash: 2384488d3f0122d52eec19d06177794e899fdfc3e1a025a719282f78321e7206
• Instruction Fuzzy Hash: 48912370D04228CBDF28CF98C8947ADBBB1FF44305F14856AD856BB291C778A986DF45

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 663 40710c-407110 664 407116-40711a 663->664 665 4071c7-4071d6 663->665 666 407120-407134 664->666 667 40765b 664->667 668 40742c-407441 665->668 669 4075fa-407604 666->669 670 40713a-407143 666->670 671 40765e-407662 667->671 672 407443-407459 668->672 673 40745b-407471 668->673 676 407646-407659 669->676 674 407145 670->674 675 407148-407178 670->675 677 407474-40747b 672->677 673->677 674->675 675->665 684 406c44-406c4d 675->684 676->671 678 4074a2-4074ae 677->678 679 40747d-407481 677->679 678->684 681 407630-40763a 679->681 682 407487-40749f 679->682 681->676 682->678 684->667 685 406c53 684->685 686 406c5a-406c5e 685->686 687 406d9a-406dbb 685->687 688 406cff-406d03 685->688 689 406d6f-406d73 685->689 686->676 690 406c64-406c71 686->690 687->668 693 406d09-406d22 688->693 694 4075af-4075b9 688->694 691 406d79-406d8d 689->691 692 4075be-4075c8 689->692 690->667 696 406c77-406cbd 690->696 697 406d90-406d98 691->697 692->676 695 406d25-406d29 693->695 694->676 695->688 698 406d2b-406d31 695->698 699 406ce5-406ce7 696->699 700 406cbf-406cc3 696->700 697->687 697->689 701 406d33-406d3a 698->701 702 406d5b-406d6d 698->702 705 406cf5-406cfd 699->705 706 406ce9-406cf3 699->706 703 406cc5-406cc8 GlobalFree 700->703 704 406cce-406cdc GlobalAlloc 700->704 707 406d45-406d55 GlobalAlloc 701->707 708 406d3c-406d3f GlobalFree 701->708 702->697 703->704 704->667 709 406ce2 704->709 705->695 706->705 706->706 707->667 707->702 708->707 709->699
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 27b0d047e0c308e0b5114cd8a4e3873cb63df72f9853a9642e586e78b8cecf79
• Instruction ID: 4da454054b0c3dd02772a9c96e50ae6a11cdbe5b18e0bc5540401a1e7d1606fc
• Opcode Fuzzy Hash: 27b0d047e0c308e0b5114cd8a4e3873cb63df72f9853a9642e586e78b8cecf79
• Instruction Fuzzy Hash: E4813471D04228DBDF24CFA8C8847ADBBB1FF45305F24816AD456BB281C778AA86DF45

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 710 406c11-406c34 711 406c36-406c39 710->711 712 406c3e-406c41 710->712 713 40765e-407662 711->713 714 406c44-406c4d 712->714 715 406c53 714->715 716 40765b 714->716 717 406c5a-406c5e 715->717 718 406d9a-407441 715->718 719 406cff-406d03 715->719 720 406d6f-406d73 715->720 716->713 721 406c64-406c71 717->721 722 407646-407659 717->722 731 407443-407459 718->731 732 40745b-407471 718->732 726 406d09-406d22 719->726 727 4075af-4075b9 719->727 723 406d79-406d8d 720->723 724 4075be-4075c8 720->724 721->716 729 406c77-406cbd 721->729 722->713 730 406d90-406d98 723->730 724->722 728 406d25-406d29 726->728 727->722 728->719 733 406d2b-406d31 728->733 734 406ce5-406ce7 729->734 735 406cbf-406cc3 729->735 730->718 730->720 736 407474-40747b 731->736 732->736 739 406d33-406d3a 733->739 740 406d5b-406d6d 733->740 743 406cf5-406cfd 734->743 744 406ce9-406cf3 734->744 741 406cc5-406cc8 GlobalFree 735->741 742 406cce-406cdc GlobalAlloc 735->742 737 4074a2-4074ae 736->737 738 40747d-407481 736->738 737->714 745 407630-40763a 738->745 746 407487-40749f 738->746 748 406d45-406d55 GlobalAlloc 739->748 749 406d3c-406d3f GlobalFree 739->749 740->730 741->742 742->716 750 406ce2 742->750 743->728 744->743 744->744 745->722 746->737 748->716 748->740 749->748 750->734
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f111ab4920ac525fdea371edc0372209efebd88f4f49b64d61f26737748280a
• Instruction ID: a75c210e76fb72c91da92bd055febaaadf45c37f1dc492509737fdaa257f63d6
• Opcode Fuzzy Hash: 4f111ab4920ac525fdea371edc0372209efebd88f4f49b64d61f26737748280a
• Instruction Fuzzy Hash: 2D817731D04228DBDF24CFA8C844BADBBB1FF44315F20856AD856BB281C7796A86DF45
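Each control_flow_graph line above is a flat token stream: a basic block is written as a node id followed by its address or address range (`741 406cc5-406cc8`), an API name after a block marks the block that calls it (`GlobalFree`, `GlobalAlloc`), and `src->dst` tokens are the edges. The parser below, added here as an example and not part of the Joe Sandbox report or of its tooling, reads that format, rejects edges that point at undefined blocks, and then answers the questions an analyst usually has about one of these dumps: which blocks call which API, what address span the function covers, and which blocks are never reached from the entry. `REPORT_CFG` is copied verbatim from the entry directly above (the function starting at 406c11); `SAMPLE_CFG` is a constructed miniature in the same format with invented addresses and one deliberately unreachable block. Treating the first listed block as the function entry is an assumption of this example.

```python
import re
from dataclasses import dataclass, field

# Copied verbatim from the report entry above (function starting at 406c11).
REPORT_CFG = "control_flow_graph 710 406c11-406c34 711 406c36-406c39 710->711 712 406c3e-406c41 710->712 713 40765e-407662 711->713 714 406c44-406c4d 712->714 715 406c53 714->715 716 40765b 714->716 717 406c5a-406c5e 715->717 718 406d9a-407441 715->718 719 406cff-406d03 715->719 720 406d6f-406d73 715->720 716->713 721 406c64-406c71 717->721 722 407646-407659 717->722 731 407443-407459 718->731 732 40745b-407471 718->732 726 406d09-406d22 719->726 727 4075af-4075b9 719->727 723 406d79-406d8d 720->723 724 4075be-4075c8 720->724 721->716 729 406c77-406cbd 721->729 722->713 730 406d90-406d98 723->730 724->722 728 406d25-406d29 726->728 727->722 728->719 733 406d2b-406d31 728->733 734 406ce5-406ce7 729->734 735 406cbf-406cc3 729->735 730->718 730->720 736 407474-40747b 731->736 732->736 739 406d33-406d3a 733->739 740 406d5b-406d6d 733->740 743 406cf5-406cfd 734->743 744 406ce9-406cf3 734->744 741 406cc5-406cc8 GlobalFree 735->741 742 406cce-406cdc GlobalAlloc 735->742 737 4074a2-4074ae 736->737 738 40747d-407481 736->738 737->714 745 407630-40763a 738->745 746 407487-40749f 738->746 748 406d45-406d55 GlobalAlloc 739->748 749 406d3c-406d3f GlobalFree 739->749 740->730 741->742 742->716 750 406ce2 742->750 743->728 744->743 744->744 745->722 746->737 748->716 748->740 749->748 750->734"

# Constructed miniature in the same format (ids and addresses invented for this
# example); block 6 has no predecessor, so it is unreachable from the entry.
SAMPLE_CFG = (
    "control_flow_graph 1 401000-401010 2 401012-40101a 1->2 "
    "3 401020-401031 GlobalAlloc 2->3 4 401033-401040 GlobalFree 2->4 "
    "5 401042 3->5 4->5 6 401050-401058 6->1"
)

_EDGE = re.compile(r"^(\d+)->(\d+)$")
_NODE_ID = re.compile(r"^\d+$")
_ADDR = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$", re.I)
_API = re.compile(r"^[A-Za-z_]\w*$")


@dataclass
class Block:
    node_id: int
    start: int                                   # first address of the block
    end: int                                     # last listed address (== start for one-address blocks)
    apis: list = field(default_factory=list)     # API names the report attaches to this block


@dataclass
class Cfg:
    blocks: dict = field(default_factory=dict)   # node id -> Block, in definition order
    edges: list = field(default_factory=list)    # (src node id, dst node id)


def parse_cfg(line: str) -> Cfg:
    """Parse one control_flow_graph line into blocks and edges."""
    tokens = line.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph line")
    cfg, current, i = Cfg(), None, 1
    while i < len(tokens):
        tok = tokens[i]
        m = _EDGE.match(tok)
        if m:
            cfg.edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
        elif _NODE_ID.match(tok):
            # A node id is always followed by its address; consuming the pair
            # together keeps an all-digit address such as 407525 from being
            # mistaken for the next node id.
            am = _ADDR.match(tokens[i + 1]) if i + 1 < len(tokens) else None
            if am is None:
                raise ValueError("node %s has no valid address" % tok)
            start = int(am.group(1), 16)
            end = int(am.group(2), 16) if am.group(2) else start
            current = Block(int(tok), start, end)
            cfg.blocks[current.node_id] = current
            i += 2
        elif _API.match(tok) and current is not None:
            current.apis.append(tok)             # e.g. GlobalAlloc, GlobalFree
            i += 1
        else:
            raise ValueError("unexpected token %r" % tok)
    for src, dst in cfg.edges:
        if src not in cfg.blocks or dst not in cfg.blocks:
            raise ValueError("edge %d->%d references an undefined block" % (src, dst))
    return cfg


def entry(cfg: Cfg) -> int:
    """Assumption of this example: the first block listed is the function entry."""
    return next(iter(cfg.blocks))


def reachable(cfg: Cfg, start: int) -> set:
    """Node ids reachable from `start` by following edges (depth-first)."""
    succ = {}
    for src, dst in cfg.edges:
        succ.setdefault(src, []).append(dst)
    seen, work = set(), [start]
    while work:
        n = work.pop()
        if n not in seen:
            seen.add(n)
            work.extend(succ.get(n, []))
    return seen


def api_blocks(cfg: Cfg) -> dict:
    """API name -> node ids of the blocks that call it, in definition order."""
    out = {}
    for b in cfg.blocks.values():
        for api in b.apis:
            out.setdefault(api, []).append(b.node_id)
    return out


def address_span(cfg: Cfg) -> tuple:
    """(lowest block start, highest block end) covered by the function."""
    return (min(b.start for b in cfg.blocks.values()),
            max(b.end for b in cfg.blocks.values()))


if __name__ == "__main__":
    for name, text in (("report", REPORT_CFG), ("sample", SAMPLE_CFG)):
        g = parse_cfg(text)
        lo, hi = address_span(g)
        dead = sorted(set(g.blocks) - reachable(g, entry(g)))
        print("%s: %d blocks, %d edges, %x-%x, API blocks %s, unreachable %s"
              % (name, len(g.blocks), len(g.edges), lo, hi, api_blocks(g), dead))
```

On the report line this yields 39 blocks spanning 406c11-407662, with GlobalFree called from blocks 741 and 749 and GlobalAlloc from 742 and 748; the same two allocate/free pairs recur in every entry of this section at the same addresses, which is what to expect when several functions share one tail of the allocation code. Node ids in the report are not contiguous (725 and 747 are absent here), so the parser keys blocks by id rather than by position.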

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 751 40705f-407063 752 407081-4070c4 751->752 753 407065-40707c 751->753 754 40742c-407441 752->754 753->754 755 407443-407459 754->755 756 40745b-407471 754->756 757 407474-40747b 755->757 756->757 758 4074a2-4074ae 757->758 759 40747d-407481 757->759 765 406c53 758->765 766 40765b 758->766 760 407630-40763a 759->760 761 407487-40749f 759->761 764 407646-407659 760->764 761->758 767 40765e-407662 764->767 768 406c5a-406c5e 765->768 769 406d9a-406dbb 765->769 770 406cff-406d03 765->770 771 406d6f-406d73 765->771 766->767 768->764 772 406c64-406c71 768->772 769->754 775 406d09-406d22 770->775 776 4075af-4075b9 770->776 773 406d79-406d8d 771->773 774 4075be-4075c8 771->774 772->766 778 406c77-406cbd 772->778 779 406d90-406d98 773->779 774->764 777 406d25-406d29 775->777 776->764 777->770 780 406d2b-406d31 777->780 781 406ce5-406ce7 778->781 782 406cbf-406cc3 778->782 779->769 779->771 783 406d33-406d3a 780->783 784 406d5b-406d6d 780->784 787 406cf5-406cfd 781->787 788 406ce9-406cf3 781->788 785 406cc5-406cc8 GlobalFree 782->785 786 406cce-406cdc GlobalAlloc 782->786 789 406d45-406d55 GlobalAlloc 783->789 790 406d3c-406d3f GlobalFree 783->790 784->779 785->786 786->766 791 406ce2 786->791 787->777 788->787 788->788 789->766 789->784 790->789 791->781
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: eb6308170f34cf48dfcb4d8f9c09bb4bb9b1200d68288f83770d90fe7aa59a96
                                                                                                                                                                                                              • Instruction ID: 2ce83fc52b21f36f835e1fdafd5cf74e6ced0850754c4da96a209bb8fab2d9ce
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb6308170f34cf48dfcb4d8f9c09bb4bb9b1200d68288f83770d90fe7aa59a96
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11712471D04228DBDF28CFA8C8847ADBBB1FF48305F15806AD856B7281C778A986DF55

Control-flow graph (rendered graph not recoverable; node list summarised): entry block 40717d-407181, 43 basic blocks between 406c53 and 407662 (same shared body as the function above); blocks calling APIs: 406cc5-406cc8 GlobalFree, 406cce-406cdc GlobalAlloc, 406d3c-406d3f GlobalFree, 406d45-406d55 GlobalAlloc.
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 35efb6cfb69a5e3ac5770c17f23e35896c35ba4500d931508133f68803cc17e7
• Instruction ID: eaca5e257ecba6057ed761995cb39389c4d8ec983a179070fe5d03b82c062b57
• Opcode Fuzzy Hash: 35efb6cfb69a5e3ac5770c17f23e35896c35ba4500d931508133f68803cc17e7
• Instruction Fuzzy Hash: BF713671E04218DBDF28CFA8C884BADBBB1FF44305F14806AD856BB281C7786986DF55
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3a7222321010e346b35687484556753c48e929d86f13e87db132154ce9d598b8
• Instruction ID: 26522df2f7fda751442351ae768cbf4c3b612a3e7fb567ef5040218afec9c9a0
• Opcode Fuzzy Hash: 3a7222321010e346b35687484556753c48e929d86f13e87db132154ce9d598b8
• Instruction Fuzzy Hash: CB713771D04228DBEF28CF98C8447ADBBB1FF44305F15806AD856B7281C778A946DF45
APIs
• GetTickCount.KERNEL32 ref: 004034B2
  • Part of subcall function 0040361D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040331B,?), ref: 0040362B
• SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033C8,00000004,00000000,00000000,?,?,00403342,000000FF,00000000,00000000,00008001,?), ref: 004034E5
• SetFilePointer.KERNELBASE(099FD7C3,00000000,00000000,00414EF0,00004000,?,00000000,004033C8,00000004,00000000,00000000,?,?,00403342,000000FF,00000000), ref: 004035E0
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: FilePointer$CountTick
• String ID:
• API String ID: 1092082344-0
• Opcode ID: 1344b17e1481b80582bdb0ed23b8c3804af25e72a501c03e477dd398e9b7707c
• Instruction ID: f81ac03ea206090be76b65a385b2ac7d4b581aa0cbae2b80a2d2021fe8c89915
• Opcode Fuzzy Hash: 1344b17e1481b80582bdb0ed23b8c3804af25e72a501c03e477dd398e9b7707c
• Instruction Fuzzy Hash: 7E319CB2600201EFC7209F29EE859263FA9F740356B55023BF901B22F1CBB59E41DB9C
APIs
• WaitForSingleObject.KERNEL32(?,00000064), ref: 00406B52
• WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B67
• GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B74
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: ObjectSingleWait$CodeExitProcess
• String ID:
• API String ID: 2567322000-0
• Opcode ID: 8ff07581d1a9b179a96ae9e6ed15c74e4a8339333c72220da53f642c9193dd0c
• Instruction ID: 0a43b9f96fb2b6b0c204ab13ec475b47687dff995c0faea4a1be46f6685e1a01
• Opcode Fuzzy Hash: 8ff07581d1a9b179a96ae9e6ed15c74e4a8339333c72220da53f642c9193dd0c
• Instruction Fuzzy Hash: AFE09271600218BBDB00AB54CD01EDE7B6ADB45700F104036B601B6190D6B5AE62DA98
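The function records in this listing (an "APIs" list with call-site "ref" addresses, optional "Part of subcall function" entries, and the "API ID" and "Instruction Fuzzy Hash" fields) are regular enough to parse, which is how a practitioner turns a long report like this one into a per-function call-chain table for triage. The script below is an added example, not code from Joe Sandbox or from this report; its SAMPLE input is three records copied from this page (the GetTickCount/SetFilePointer function, the WaitForSingleObject/GetExitCodeProcess function, and the CloseHandle function), and the function names parse_records, call_chain, wait_timeouts_ms and find_functions_calling are the example's own. One caveat the code respects: the argument lists in these records are stack snapshots at the call site, not typed parameters (CloseHandle takes one parameter, yet sixteen values are listed), so the parser keeps them as strings and only interprets a slot when a caller asks for it.

```python
"""Parse the per-function 'APIs' records of a Joe Sandbox IDA-plugin listing
and summarise each function's Win32 call chain.

Added example, not part of the Joe Sandbox report or its tooling. SAMPLE
holds three records copied from this report so the script runs offline.
"""
import re

SAMPLE = r"""
APIs
• GetTickCount.KERNEL32 ref: 004034B2
  • Part of subcall function 0040361D: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040331B,?), ref: 0040362B
• SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033C8,00000004,00000000,00000000,?,?,00403342,000000FF,00000000,00000000,00008001,?), ref: 004034E5
• SetFilePointer.KERNELBASE(099FD7C3,00000000,00000000,00414EF0,00004000,?,00000000,004033C8,00000004,00000000,00000000,?,?,00403342,000000FF,00000000), ref: 004035E0
Memory Dump Source
• API ID: FilePointer$CountTick
• Instruction Fuzzy Hash: 7E319CB2600201EFC7209F29EE859263FA9F740356B55023BF901B22F1CBB59E41DB9C
APIs
• WaitForSingleObject.KERNEL32(?,00000064), ref: 00406B52
• WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B67
• GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B74
Memory Dump Source
• API ID: ObjectSingleWait$CodeExitProcess
• Instruction Fuzzy Hash: AFE09271600218BBDB00AB54CD01EDE7B6ADB45700F104036B601B6190D6B5AE62DA98
APIs
• CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403BB5,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403C94
• CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403BB5,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403CA8
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403C87
"""

# One call line: optional "Part of subcall function XXXXXXXX:" prefix, then
# Api.MODULE, an optional "(stack values)" list, and the "ref:" call site.
CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
# Record fields we keep (the fuzzy hash is what you would pivot on elsewhere).
FIELD_RE = re.compile(r"^\s*•\s*(API ID|Instruction Fuzzy Hash|String ID):\s*(.*?)\s*$")

# Set of APIs that together indicate "spawn a child and collect its exit code".
SPAWN_WAIT = {"WaitForSingleObject", "GetExitCodeProcess"}


def parse_records(text):
    """Split the listing into records; each 'APIs' line starts a new one."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = {"calls": [], "fields": {}}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.match(line)
        if m:
            cur["calls"].append({
                "api": m["api"],
                "module": m["mod"],
                # Raw stack slots as strings; "?" marks a value the plugin could not recover.
                "args": [a for a in (m["args"] or "").split(",") if a],
                "ref": int(m["ref"], 16),
                "subcall_of": int(m["sub"], 16) if m["sub"] else None,
            })
            continue
        f = FIELD_RE.match(line)
        if f:
            cur["fields"][f.group(1)] = f.group(2)
    return records


def call_chain(rec):
    """API names of the function's direct calls in call-site address order."""
    direct = [c for c in rec["calls"] if c["subcall_of"] is None]
    return [c["api"] for c in sorted(direct, key=lambda c: c["ref"])]


def wait_timeouts_ms(rec):
    """dwMilliseconds (second slot) of each WaitForSingleObject call that has one."""
    return [int(c["args"][1], 16) for c in rec["calls"]
            if c["api"] == "WaitForSingleObject" and len(c["args"]) > 1 and c["args"][1] != "?"]


def find_functions_calling(records, required):
    """(lowest call-site address, Instruction Fuzzy Hash) of records using every API in `required`."""
    hits = []
    for rec in records:
        if required <= {c["api"] for c in rec["calls"]}:
            hits.append((min(c["ref"] for c in rec["calls"]),
                         rec["fields"].get("Instruction Fuzzy Hash")))
    return hits


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec in recs:
        print(f"{rec['fields'].get('API ID') or '(no API ID)'}: {' -> '.join(call_chain(rec))}")
    print("spawn-and-wait candidates:", [(hex(a), h) for a, h in find_functions_calling(recs, SPAWN_WAIT)])
```

On this report's records the script flags the function at 00406B52 as the spawn-and-wait candidate (two 100 ms waits followed by GetExitCodeProcess), which is the parent-side counterpart of the "Creates a process in suspended mode" behaviour listed in the signatures; the subcall entry under GetTickCount is kept but excluded from the direct call chain so that a function is not credited with calls its callees make.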
APIs
• CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403BB5,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403C94
• CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403BB5,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403CA8
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403C87
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                              • API String ID: 2962429428-3936084776
                                                                                                                                                                                                              • Opcode ID: 086b160130842a814a4e9b5545a395853c7c68b4ec478be6097ae432c06932c7
                                                                                                                                                                                                              • Instruction ID: 6bfdaf564fb6f4d857381f61ee43f4b3e7b9b57b480fcef53b70eb5bee5fd527
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 086b160130842a814a4e9b5545a395853c7c68b4ec478be6097ae432c06932c7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADE0863150471896D5346F7CAF4D9853B185F413357258327F078F20F0C738D95A5AAD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00008001,00000000,00000000,00000000,00000000,?,?,00403342,000000FF,00000000,00000000,00008001,?), ref: 004033BB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                              • Opcode ID: 3d500f412808721b8c87be071932eede801725a1d128c96ac4c777ed30e32dcd
                                                                                                                                                                                                              • Instruction ID: 0f6a82c9814b8130565900c4f77509fb73920235a48305220d01948b4924e2c4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d500f412808721b8c87be071932eede801725a1d128c96ac4c777ed30e32dcd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31317170640219BBDB22DF59ED48A9E3FA8EB00359F10443BF904FA1D1D3788E519BA9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                              • SendMessageW.USER32(0040A230,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                              • Opcode ID: 44422ec4cc38e602ea7d4d2f5f5b5ed5cf3abc39ac7d2c30bec0a520d1a14902
                                                                                                                                                                                                              • Instruction ID: 4cdfa14fa51073ec67c7732ce5b449902c092ffb61bdcee16cd85da0f6320b18
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44422ec4cc38e602ea7d4d2f5f5b5ed5cf3abc39ac7d2c30bec0a520d1a14902
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F01F4327212209BE7295B389D05B6B3698E710354F10863FF855F6AF1DA78CC429B4C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405CAE
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405CBB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3712363035-0
                                                                                                                                                                                                              • Opcode ID: dc4e0aa2a6e4d88c421582106c1d46ba955b2ae98b0244f92ff0ec2e2b298c3d
                                                                                                                                                                                                              • Instruction ID: 3c730061575d40878ccbcf559f5dc137d48881e2855f55d79af12727e8fe0db1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc4e0aa2a6e4d88c421582106c1d46ba955b2ae98b0244f92ff0ec2e2b298c3d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BE0BFB4600219BFFB109B64EE49F7B7B7CE700644F418425BD14F2591D77498149A7C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403775,0000000C,?,?,?,?,?,?,?,?), ref: 00406AA8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406AC3
                                                                                                                                                                                                                • Part of subcall function 00406A26: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406A3D
                                                                                                                                                                                                                • Part of subcall function 00406A26: wsprintfW.USER32 ref: 00406A78
                                                                                                                                                                                                                • Part of subcall function 00406A26: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A8C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                              • Opcode ID: ecfc0d1632056c4e1693efd0f98aabdfe4a2c93a6abc515f3d9591ad468ff55d
                                                                                                                                                                                                              • Instruction ID: 6883b19bcb958afdb132cd43d0a9aeb12fc85c99e1cf53eaa24744f9dd55f8c1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ecfc0d1632056c4e1693efd0f98aabdfe4a2c93a6abc515f3d9591ad468ff55d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDE08636714611ABD210BA745E48C6777A89F86610306C83EF542F2141D734DC33AA79
                                                                                                                                                                                                              APIs
• GetFileAttributesW.KERNELBASE(00000003,00403138,00437800,80000000,00000003), ref: 00406196
• CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004061B8
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
• Opcode ID: d28f21770be58fa8ab322e44db2ef64be76ab1399ecbb41bfd548adfe90c5e60
• Instruction ID: be52236ca1bfc2e7009fe271a1dfd41440a2a0d1ebc26b2cb4c8630358080456
• Instruction Fuzzy Hash: 30D09E31254301EFFF098F20DE16F2EBAA2EB94B00F11952CB682941E0DA715819DB15
APIs
• GetFileAttributesW.KERNELBASE(?,?,00405D72,?,?,00000000,00405F48,?,?,?,?), ref: 00406172
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00406186
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
• Instruction ID: 83b49fe15d4d51a1c27b4b8da2ab4689423c6710ab607d501633f61f971848cf
• Instruction Fuzzy Hash: 63D0C972504220BFC2102728AE0889BBB55DB552717028A35FCA9A22B0CB314C6A86A4
APIs
• CreateDirectoryW.KERNELBASE(?,00000000,00403658,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 00405C56
• GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405C64
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID:
• API String ID: 1375471231-0
• Opcode ID: 713f00ffaa2578e3ba1d99e04a2fab42aad7341dbc9e3b83e2e07bf738d273a4
• Instruction ID: 868687b2a80a8d4cb6d5034857ca3092976d2c25b2f3b55ea206b3a8d14aaeda
• Instruction Fuzzy Hash: C7C04C30608701DAEA105B31DE8CB177A50BB54741F198439A582F41B0DA348555D92D
APIs
• WriteFile.KERNELBASE(00008001,00000000,00000000,00000000,00000000,00410FFE,0040CEF0,0040359E,0040CEF0,00410FFE,00414EF0,00004000,?,00000000,004033C8,00000004), ref: 00406258
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 4494c28c6fc58b77f7b94402ffbb10e79d92760fb9961e7d9dbcb201027e3d13
• Instruction ID: 50ccb5e768420c5b79bdfebb9096a84dabe54a6ff5c0a4120d9a71b85527c923
• Instruction Fuzzy Hash: FDE08C3221821AABCF10BE608C00EEB3B6CEB017A0F02447AFD56E3050D231E83097A8
APIs
• ReadFile.KERNELBASE(00008001,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,0040361A,00008001,00008001,0040351E,00414EF0,00004000,?,00000000,004033C8), ref: 00406229
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 076a4193e787d8b2f8fcded04b516b0b1a94860d7d4352c54bed072072f3bbd3
• Instruction ID: fbac330590941eb325162a4ee9bfa4b3c7313c609e27a1dd4f64d068a4d06545
• Instruction Fuzzy Hash: 8FE08632110129ABCF106E549C00EEB375CEF05350F014876F951E3040D730E83187A5
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040331B,?), ref: 0040362B
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
• Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00405727: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 0040575F
                                                                                                                                                                                                                • Part of subcall function 00405727: lstrlenW.KERNEL32(004030CD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 0040576F
                                                                                                                                                                                                                • Part of subcall function 00405727: lstrcatW.KERNEL32(00421F28,004030CD,004030CD,00421F28,00000000,00000000,00000000), ref: 00405782
                                                                                                                                                                                                                • Part of subcall function 00405727: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405794
                                                                                                                                                                                                                • Part of subcall function 00405727: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057BA
                                                                                                                                                                                                                • Part of subcall function 00405727: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057D4
                                                                                                                                                                                                                • Part of subcall function 00405727: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E2
                                                                                                                                                                                                                • Part of subcall function 00405C85: CreateProcessW.KERNELBASE(00000000,0042C800,00000000,00000000,00000000,04000000,00000000,00000000,00425F50,?,?,?,0042C800,?), ref: 00405CAE
                                                                                                                                                                                                                • Part of subcall function 00405C85: CloseHandle.KERNEL32(?,?,?,0042C800,?), ref: 00405CBB
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00402010
                                                                                                                                                                                                                • Part of subcall function 00406B41: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406B52
                                                                                                                                                                                                                • Part of subcall function 00406B41: GetExitCodeProcess.KERNELBASE(?,?), ref: 00406B74
                                                                                                                                                                                                                • Part of subcall function 004065E9: wsprintfW.USER32 ref: 004065F6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2972824698-0
                                                                                                                                                                                                              • Opcode ID: fa8c836efe36519fa52185e1f233bf547c864a218fdb28f1f18d18d5cddcd6e8
                                                                                                                                                                                                              • Instruction ID: 5ec8f1ba08e9840dea923bca67266c83376547b269141edce926560ea608d087
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa8c836efe36519fa52185e1f233bf547c864a218fdb28f1f18d18d5cddcd6e8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7AF09C31904615DBEF20BB655AC95DE7665DF00318F11413FE202B21D5CABC4D41A75D
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 004058C4
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 004058D3
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405910
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00405917
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405938
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405949
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040595C
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040596A
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040597D
                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040599F
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 004059B3
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004059D4
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004059E4
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059FD
                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405A09
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 004058E2
                                                                                                                                                                                                                • Part of subcall function 00404656: SendMessageW.USER32(00000028,?,00000001,00404481), ref: 00404664
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405A26
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_000057FA,00000000), ref: 00405A34
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405A3B
                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405A5F
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405A64
                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405AAE
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405AE2
                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00405AF3
                                                                                                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405B07
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00405B27
                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405B40
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B78
                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 00405B88
                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 00405B8E
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B9A
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00405BA4
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405BB8
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00405BD8
                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405BE3
                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 00405BE9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                              • String ID: H/B${
                                                                                                                                                                                                              • API String ID: 590372296-332483393
                                                                                                                                                                                                              • Opcode ID: b4ac37d96ff1ca46bd369c895d54e34b2496975cf73faa18766466022b69d915
                                                                                                                                                                                                              • Instruction ID: 26959a90f0a266772171a70e0d2c3eddd0d3dcd8a9821819e75e01dae6d4cf8f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4ac37d96ff1ca46bd369c895d54e34b2496975cf73faa18766466022b69d915
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EB158B0900608FFEB11AF60DD859AE7B79FB08354F00413AFA45BA1A0CB785E51DF68
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 00404B61
                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404B8B
                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404C3C
                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404C47
                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,00422F48,00000000,?,?), ref: 00404C79
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe), ref: 00404C85
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C97
                                                                                                                                                                                                                • Part of subcall function 00405CE6: GetDlgItemTextW.USER32(?,?,00000400,00404CCE), ref: 00405CF9
                                                                                                                                                                                                                • Part of subcall function 00406950: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\DHzscd9uqT.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,00403640,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 004069B3
                                                                                                                                                                                                                • Part of subcall function 00406950: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004069C2
                                                                                                                                                                                                                • Part of subcall function 00406950: CharNextW.USER32(?,"C:\Users\user\Desktop\DHzscd9uqT.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,00403640,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 004069C7
                                                                                                                                                                                                                • Part of subcall function 00406950: CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000,00403640,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 004069DA
                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(00420F18,?,?,0000040F,?,00420F18,00420F18,?,00000001,00420F18,?,?,000003FB,?), ref: 00404D5A
                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D75
                                                                                                                                                                                                                • Part of subcall function 00404ECE: lstrlenW.KERNEL32(00422F48,00422F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F6F
                                                                                                                                                                                                                • Part of subcall function 00404ECE: wsprintfW.USER32 ref: 00404F78
                                                                                                                                                                                                                • Part of subcall function 00404ECE: SetDlgItemTextW.USER32(?,00422F48), ref: 00404F8B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                              • String ID: A$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$H/B
                                                                                                                                                                                                              • API String ID: 2624150263-195153605
                                                                                                                                                                                                              • Opcode ID: 5391f58817f8cb56906519b00545e03f0092e071ef6120135fd40e88676cc4e1
                                                                                                                                                                                                              • Instruction ID: d1d33be9ed2b3c34a6912e34267e60509d8c64d33f654f2361a06684bbdb7283
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5391f58817f8cb56906519b00545e03f0092e071ef6120135fd40e88676cc4e1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBA191B1900209ABDB11AFA5CD41AEFB7B8FF84754F11843BF601B62D1DB7C89418B69
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 00405DD7
                                                                                                                                                                                                              • lstrcatW.KERNEL32(00424F50,\*.*,00424F50,?,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 00405E1F
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014,?,00424F50,?,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 00405E42
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,00424F50,?,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 00405E48
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00424F50,?,?,?,0040A014,?,00424F50,?,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 00405E58
                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EF8
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405F07
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                              • String ID: "C:\Users\user\Desktop\DHzscd9uqT.exe"$POB$\*.*
                                                                                                                                                                                                              • API String ID: 2035342205-3473176911
                                                                                                                                                                                                              • Opcode ID: 6622ab5639dd30ba5a14c76c08f849f60dd3b1310bdf1729716a2bece7885b77
                                                                                                                                                                                                              • Instruction ID: 08bfc2840413863968cf962241dff1eb28b75ffaef7a08e493f25e9a85e6eaf1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6622ab5639dd30ba5a14c76c08f849f60dd3b1310bdf1729716a2bece7885b77
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E341F130800A06A6CB21AB61CD89BBF7278EF45754F14413FF485B11C1DB7C4A82DEAE
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040224E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 0040228E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateInstance
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW
                                                                                                                                                                                                              • API String ID: 542301482-3996375116
                                                                                                                                                                                                              • Opcode ID: e1b54606f96f7130d2db149cb344deebb8e62271bc48230e732e88c22cd382df
                                                                                                                                                                                                              • Instruction ID: 6ff6f317fb38c44f87062c5feee8d19efe767a13196ba6052caed3a8697b1732
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1b54606f96f7130d2db149cb344deebb8e62271bc48230e732e88c22cd382df
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57410575A00209AFCB00DFE4CA89A9D7BB5FF48318B20457EF505EB2D1DB799981CB54
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,00425F98,00425750,004060C2,00425750,00425750,00000000,00425750,00425750, 4#v.#v,?,76232EE0,00405DCE,?,76233420,76232EE0), ref: 00406A0A
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406A16
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                              • Opcode ID: 5aa02b152b1bdaa4a45d264aeb005cec44e37fe5ecd5a9a233d7a39d055da6f3
                                                                                                                                                                                                              • Instruction ID: 20279147522b4af1e9b85c80e58242a12c3cc79f3f19e9bc8d226ca4cfbd33e3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aa02b152b1bdaa4a45d264aeb005cec44e37fe5ecd5a9a233d7a39d055da6f3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9FD012317595205BC640673C6E0C89B7E589F1A3317128A36F06BF21E4D7348C628A9C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040293F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: 0ac154066cd6ed248cbf515788dc0f3188666826c505b1a4dd8e1a285c63d3da
• Instruction ID: 5eb670257f645768a78f75f5229fdd379fa6a203c359b676d04f77a704ba2a21
• Opcode Fuzzy Hash: 0ac154066cd6ed248cbf515788dc0f3188666826c505b1a4dd8e1a285c63d3da
• Instruction Fuzzy Hash: 9DF08271A04105AADB00EBA5D9499AEB378EF14314F60017BE111F31E5D7B88E51DB29
APIs
• GetDlgItem.USER32(?,000003F9), ref: 004050A6
• GetDlgItem.USER32(?,00000408), ref: 004050B1
• GlobalAlloc.KERNEL32(00000040,?), ref: 004050FB
• LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00405112
• SetWindowLongW.USER32(?,000000FC,0040569B), ref: 0040512B
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040513F
• ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405151
• SendMessageW.USER32(?,00001109,00000002), ref: 00405167
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405173
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405185
• DeleteObject.GDI32(00000000), ref: 00405188
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 004051B3
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 004051BF
• SendMessageW.USER32(?,00001132,00000000,?), ref: 0040525A
• SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040528A
  • Part of subcall function 00404656: SendMessageW.USER32(00000028,?,00000001,00404481), ref: 00404664
• SendMessageW.USER32(?,00001132,00000000,?), ref: 0040529E
• GetWindowLongW.USER32(?,000000F0), ref: 004052CC
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 004052DA
• ShowWindow.USER32(?,00000005), ref: 004052EA
• SendMessageW.USER32(?,00000419,00000000,?), ref: 004053E5
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040544A
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040545F
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405483
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004054A3
• ImageList_Destroy.COMCTL32(?), ref: 004054B8
• GlobalFree.KERNEL32(?), ref: 004054C8
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405541
• SendMessageW.USER32(?,00001102,?,?), ref: 004055EA
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004055F9
• InvalidateRect.USER32(?,00000000,00000001), ref: 00405624
• ShowWindow.USER32(?,00000000), ref: 00405672
• GetDlgItem.USER32(?,000003FE), ref: 0040567D
• ShowWindow.USER32(00000000), ref: 00405684
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 2564846305-813528018
• Opcode ID: 5556c4ccadcc43b485929ea75668a96a24f705d46e3e8325ca371777a04c903b
• Instruction ID: 34ca0daebb1283ae0dea41fcbe79f03df20d3d5ccd25e7298a94edbde83860af
• Opcode Fuzzy Hash: 5556c4ccadcc43b485929ea75668a96a24f705d46e3e8325ca371777a04c903b
• Instruction Fuzzy Hash: F5028C70A00609AFDB20DF55CD45AAF7BB5FB84314F50857AF910BA2E1D7B98A42CF18
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 0040415E
• ShowWindow.USER32(?), ref: 0040417E
• GetWindowLongW.USER32(?,000000F0), ref: 00404190
• ShowWindow.USER32(?,00000004), ref: 004041A9
• DestroyWindow.USER32 ref: 004041BD
• SetWindowLongW.USER32(?,00000000,00000000), ref: 004041D6
• GetDlgItem.USER32(?,?), ref: 004041F5
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404209
• IsWindowEnabled.USER32(00000000), ref: 00404210
• GetDlgItem.USER32(?,00000001), ref: 004042BB
• GetDlgItem.USER32(?,00000002), ref: 004042C5
• SetClassLongW.USER32(?,000000F2,?), ref: 004042DF
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404330
• GetDlgItem.USER32(?,00000003), ref: 004043D6
• ShowWindow.USER32(00000000,?), ref: 004043F7
• EnableWindow.USER32(?,?), ref: 00404409
• EnableWindow.USER32(?,?), ref: 00404424
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040443A
• EnableMenuItem.USER32(00000000), ref: 00404441
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404459
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040446C
• lstrlenW.KERNEL32(00422F48,?,00422F48,00000000), ref: 00404496
• SetWindowTextW.USER32(?,00422F48), ref: 004044AA
• ShowWindow.USER32(?,0000000A), ref: 004045DE
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
• String ID: H/B
• API String ID: 1860320154-184950203
• Opcode ID: 1d334063ac87d117f163498afb3e0779bdc14ef4bf1212a9a53b176d670ff06c
• Instruction ID: 9a8659dd655c0040c26f3da6c71aaed3cdb3e7512c47e66a19b3526095f1ef41
• Opcode Fuzzy Hash: 1d334063ac87d117f163498afb3e0779bdc14ef4bf1212a9a53b176d670ff06c
• Instruction Fuzzy Hash: 0FC1CEB1600604BBDB216F61EE85E2B7A68FB85345F41093EF741B25F0CB799842DB2D
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040487E
• GetDlgItem.USER32(?,000003E8), ref: 00404892
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004048AF
• GetSysColor.USER32(?), ref: 004048C0
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004048CE
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004048DC
• lstrlenW.KERNEL32(?), ref: 004048E1
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004048EE
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404903
• GetDlgItem.USER32(?,0000040A), ref: 0040495C
• SendMessageW.USER32(00000000), ref: 00404963
• GetDlgItem.USER32(?,000003E8), ref: 0040498E
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004049D1
• LoadCursorW.USER32(00000000,00007F02), ref: 004049DF
• SetCursor.USER32(00000000), ref: 004049E2
• LoadCursorW.USER32(00000000,00007F00), ref: 004049FB
• SetCursor.USER32(00000000), ref: 004049FE
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404A2D
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404A3F
Strings
Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe$N$WG@
                                                                                                                                                                                                              • API String ID: 3103080414-944411302
                                                                                                                                                                                                              • Opcode ID: 0408aea07e4224223b1525a80d6e9a5543208d2b5c1b62ae9aa87092746790f3
                                                                                                                                                                                                              • Instruction ID: 54d9d544d8a339ed1f673c4731e81340660bcd02aea44dc88bd758a97d32eb83
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0408aea07e4224223b1525a80d6e9a5543208d2b5c1b62ae9aa87092746790f3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B61A0B1A40209BFDB10AF64CD85AAA7B69FB84314F00843AF605B72D0C779AD51CF98
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406483,?,?), ref: 00406323
                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,004265E8,00000400), ref: 0040632C
                                                                                                                                                                                                                • Part of subcall function 004060F7: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063DC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406107
                                                                                                                                                                                                                • Part of subcall function 004060F7: lstrlenA.KERNEL32(00000000,?,00000000,004063DC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406139
                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 00406349
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00406367
                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00426DE8,C0000000,00000004,00426DE8,?,?,?,?,?), ref: 004063A2
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004063B1
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063E9
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004261E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 0040643F
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00406450
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406457
                                                                                                                                                                                                                • Part of subcall function 00406192: GetFileAttributesW.KERNELBASE(00000003,00403138,00437800,80000000,00000003), ref: 00406196
                                                                                                                                                                                                                • Part of subcall function 00406192: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004061B8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                              • String ID: %ls=%ls$[Rename]$eB$mB$mB
                                                                                                                                                                                                              • API String ID: 2171350718-2529913679
                                                                                                                                                                                                              • Opcode ID: db523023045b127196975f0173c88122861a3a00dd6e7a8812d5311d7169504c
                                                                                                                                                                                                              • Instruction ID: 9150ff15d44dd6ac7e39c2a3973aa46bc34ee9e674c79fba1fcd409278ee571c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db523023045b127196975f0173c88122861a3a00dd6e7a8812d5311d7169504c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0312370600325BBD2206F65AD49F6B3A5CDF41754F12403AFA02B62D3DA7CD82586BD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00428A60,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                              • Opcode ID: 9a1d1952d02a6587733a796de720c08d05f060e36ce2c67ddab1b612aed24319
                                                                                                                                                                                                              • Instruction ID: 3c33d73dbc2ffdf14e434cca4ae815e9cfbd561affca8d3971a90777bf4c3be5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a1d1952d02a6587733a796de720c08d05f060e36ce2c67ddab1b612aed24319
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34418B71800249AFCF058FA5DE459AFBBB9FF45314F00802EF592AA1A0CB34DA55DFA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\DHzscd9uqT.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,00403640,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 004069B3
                                                                                                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004069C2
                                                                                                                                                                                                              • CharNextW.USER32(?,"C:\Users\user\Desktop\DHzscd9uqT.exe",76233420,C:\Users\user\AppData\Local\Temp\,00000000,00403640,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 004069C7
                                                                                                                                                                                                              • CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,00000000,00403640,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 004069DA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406951
                                                                                                                                                                                                              • *?|<>/":, xrefs: 004069A2
                                                                                                                                                                                                              • "C:\Users\user\Desktop\DHzscd9uqT.exe", xrefs: 00406994
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: Char$Next$Prev
• String ID: "C:\Users\user\Desktop\DHzscd9uqT.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
• API String ID: 589700163-3297014474
• Opcode ID: 7c4491ab095b24fecdd0000f8ec6f0e383ca7ce11269c465865605e120ff5cd6
• Instruction ID: ee050b90af12f7da754e5e1a7cefda923f304df8a209a79dab08f9ec4fc7f4f9
• Opcode Fuzzy Hash: 7c4491ab095b24fecdd0000f8ec6f0e383ca7ce11269c465865605e120ff5cd6
• Instruction Fuzzy Hash: 0311B695800612A5DB303B148D40AB7A2F8AF55794F52403FED9AB3AC1EB7C4C9286BD
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 004046A5
• GetSysColor.USER32(00000000), ref: 004046E3
• SetTextColor.GDI32(?,00000000), ref: 004046EF
• SetBkMode.GDI32(?,?), ref: 004046FB
• GetSysColor.USER32(?), ref: 0040470E
• SetBkColor.GDI32(?,?), ref: 0040471E
• DeleteObject.GDI32(?), ref: 00404738
• CreateBrushIndirect.GDI32(?), ref: 00404742
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
• Instruction ID: dc9e33635e48260261a40037ac820fc698cd45b4c1bae75aa0874807b7806060
• Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
• Instruction Fuzzy Hash: B321A7715007049BCB309F38DA48B5B7BF4AF82714B00893DE9A6B72E0D778E904CB58
APIs
• ReadFile.KERNEL32(?,?,?,?), ref: 0040277D
• MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004027B8
• SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027DB
• MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027F1
  • Part of subcall function 00406273: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406289
• SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040289D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: File$Pointer$ByteCharMultiWide$Read
• String ID: 9
• API String ID: 163830602-2366072709
• Opcode ID: f4cc411d6a691ff0d779ee2962e3d04b2c777b5052aec2b7df3f44af6f7597f5
• Instruction ID: 77fbecb4268093b3ffff8c623a80bd5bb6512b600f7762490a4bde5bc174ce64
• Opcode Fuzzy Hash: f4cc411d6a691ff0d779ee2962e3d04b2c777b5052aec2b7df3f44af6f7597f5
• Instruction Fuzzy Hash: 9A511D75D04219AADF20EFD4CA85AAEBB79FF44304F14817BE501B62D0D7B89D82CB58
APIs
• lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 0040575F
• lstrlenW.KERNEL32(004030CD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 0040576F
• lstrcatW.KERNEL32(00421F28,004030CD,004030CD,00421F28,00000000,00000000,00000000), ref: 00405782
• SetWindowTextW.USER32(00421F28,00421F28), ref: 00405794
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057BA
• SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057D4
• SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E2
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID:
• API String ID: 2531174081-0
• Opcode ID: 478899543bd82950d8a4d30903f75c7e93d106f960787587e0f6081d0d83e678
• Instruction ID: 5626e068ca8b5f19a977ecdc4b6aac72793d852c885f634865ceb3a8b40a731b
• Opcode Fuzzy Hash: 478899543bd82950d8a4d30903f75c7e93d106f960787587e0f6081d0d83e678
• Instruction Fuzzy Hash: 6F218E71900558FACB119F65DD849CFBFB9EF45350F10803AF904B62A0C7794A819F68
APIs
• DestroyWindow.USER32(00000000,00000000), ref: 0040306E
• GetTickCount.KERNEL32 ref: 0040308C
• wsprintfW.USER32 ref: 004030BA
  • Part of subcall function 00405727: lstrlenW.KERNEL32(00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000,?), ref: 0040575F
  • Part of subcall function 00405727: lstrlenW.KERNEL32(004030CD,00421F28,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030CD,00000000), ref: 0040576F
  • Part of subcall function 00405727: lstrcatW.KERNEL32(00421F28,004030CD,004030CD,00421F28,00000000,00000000,00000000), ref: 00405782
  • Part of subcall function 00405727: SetWindowTextW.USER32(00421F28,00421F28), ref: 00405794
  • Part of subcall function 00405727: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057BA
  • Part of subcall function 00405727: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004057D4
  • Part of subcall function 00405727: SendMessageW.USER32(?,00001013,?,00000000), ref: 004057E2
• CreateDialogParamW.USER32(0000006F,00000000,00402FB8,00000000), ref: 004030DE
• ShowWindow.USER32(00000000,00000005), ref: 004030EC
  • Part of subcall function 00403037: MulDiv.KERNEL32(00000000,00000064,0001904F), ref: 0040304C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
• String ID: ... %d%%
• API String ID: 722711167-2449383134
                                                                                                                                                                                                              • Opcode ID: e30de3e9c70cc1782be0847fd193c9846037557e070c342b8441f703718ebcd4
                                                                                                                                                                                                              • Instruction ID: 97c902a025ac2946b461c4c6cbd0392064296d6115d029b2f7da86e316ad9030
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e30de3e9c70cc1782be0847fd193c9846037557e070c342b8441f703718ebcd4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5901A530542320EBCB31AF60AE0AA6B7F6CAB00702F54443BF441B15D5CAB84641CB9E
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404FF7
                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404FFF
                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00405019
                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0040502B
                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00405051
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                              • Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                                              • Instruction ID: 35c53ee3dfde216a4a17f9e8076a2c946c4c65f0c866826bb74e9a6ab3448864
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3015E31900218BADB00DBA4DD85BFFBBBCEF55711F10412BBA51B61D0D7B49A058BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FD6
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0040300A
                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 0040301A
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040302C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                                                                                                              • Opcode ID: 66e00694bf9c2fcf5817c91216ca696d61ea9415c1ed8b1f40767934bfa15992
                                                                                                                                                                                                              • Instruction ID: bec97a1ff423586d6a5c987b60c5c02bd53578e49ae90ce5674df69195bed5dc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66e00694bf9c2fcf5817c91216ca696d61ea9415c1ed8b1f40767934bfa15992
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 98F0317054020CABEF209F60DD4ABEE3B6CEB04349F00803AF646B51D0DBB99A558F99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029D6
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029F2
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00402A2B
                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402A3E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A5A
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A6D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                              • Opcode ID: 99a72b25e835b2ea7940c93163da3ca2f710589d23dcac0e6d207047e8163098
                                                                                                                                                                                                              • Instruction ID: 349357d0e6511a5e46fd8e19636faeb724d9b15f10a4c99f70335ec2520be7da
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99a72b25e835b2ea7940c93163da3ca2f710589d23dcac0e6d207047e8163098
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2731B171D00124BBCF21AFA5DD89D9E7E79AF44364F14023AF415762E1CB794D418F68
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(00422F48,00422F48,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F6F
                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404F78
                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00422F48), ref: 00404F8B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                              • String ID: %u.%u%s%s$H/B
                                                                                                                                                                                                              • API String ID: 3540041739-2222257793
                                                                                                                                                                                                              • Opcode ID: 701484786e9e788ccce1f8e608fe17be4446b7c9895a13b6126df495f4584910
                                                                                                                                                                                                              • Instruction ID: d50fdcff321319429c488fc01686433ffa638a32cb0890ada2b0e386a1fa8516
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 701484786e9e788ccce1f8e608fe17be4446b7c9895a13b6126df495f4584910
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B11A873A0412837DB00656D9D45E9E369C9B85374F154637FA26F31D1E979CC2182E8
APIs
• RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F22
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F6E
• RegCloseKey.ADVAPI32(?,?,?), ref: 00402F77
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F8E
• RegCloseKey.ADVAPI32(?,?,?), ref: 00402F99
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CloseEnum$DeleteValue
• String ID:
• API String ID: 1354259210-0
APIs
• GetDlgItem.USER32(?,?), ref: 00401DBF
• GetClientRect.USER32(?,?), ref: 00401E0A
• LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E3A
• SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E4E
• DeleteObject.GDI32(00000000), ref: 00401E5E
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: ClientDeleteImageItemLoadMessageObjectRectSend
• String ID:
• API String ID: 1849352358-0
APIs
• GetDC.USER32(?), ref: 00401E76
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E90
• MulDiv.KERNEL32(00000000,00000000), ref: 00401E98
• ReleaseDC.USER32(?,00000000), ref: 00401EA9
• CreateFontIndirectW.GDI32(0040CDF8), ref: 00401EF8
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID:
• API String ID: 3808545654-0
APIs
• SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CD8
• SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CF0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
APIs
  • Part of subcall function 004066A2: lstrcpynW.KERNEL32(?,?,00000400,004037D7,00428A60,NSIS Error,?,00000008,0000000A,0000000C), ref: 004066AF
  • Part of subcall function 0040601C: CharNextW.USER32(?,?,00425750,?,00406090,00425750,00425750, 4#v.#v,?,76232EE0,00405DCE,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 0040602A
  • Part of subcall function 0040601C: CharNextW.USER32(00000000), ref: 0040602F
  • Part of subcall function 0040601C: CharNextW.USER32(00000000), ref: 00406047
• lstrlenW.KERNEL32(00425750,00000000,00425750,00425750, 4#v.#v,?,76232EE0,00405DCE,?,76233420,76232EE0,"C:\Users\user\Desktop\DHzscd9uqT.exe"), ref: 004060D2
• GetFileAttributesW.KERNEL32(00425750,00425750,00425750,00425750,00425750,00425750,00000000,00425750,00425750, 4#v.#v,?,76232EE0,00405DCE,?,76233420,76232EE0), ref: 004060E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CharNext$AttributesFilelstrcpynlstrlen
• String ID: 4#v.#v$PWB
• API String ID: 3248276644-4161556504
                                                                                                                                                                                                              • Opcode ID: 8ac32a27a18f4c2dd493eafaed9bce6c13b36ca5a95e32c2f60d88480e43d1b4
                                                                                                                                                                                                              • Instruction ID: 57cdea5284265d05e194d97f438d60f20e9a33b3e1b8f85ab2b18f32e1c9dba5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ac32a27a18f4c2dd493eafaed9bce6c13b36ca5a95e32c2f60d88480e43d1b4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F6F04425184A6259E622B73A0C05AAF25098F82324B4B463FF803B22C1DF3D8963917E
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403652,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 00405F77
                                                                                                                                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403652,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040394F,?,00000008,0000000A,0000000C), ref: 00405F81
                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405F93
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F71
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                              • API String ID: 2659869361-3936084776
                                                                                                                                                                                                              • Opcode ID: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                                              • Instruction ID: 335bc096d8d08ccdb4617666140afd44cda2f442d884a3fcf06d2b2a94fa9456
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ad634ba4b40e47f3a67f9c69e663da68b942b7adec5edae9754e9c2c01f4b37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42D0A731101A34EAC2117B448C04CDF629C9F46344341483BF101B31A1CB7D5DA287FD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 004056CA
                                                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 0040571B
                                                                                                                                                                                                                • Part of subcall function 0040466D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040467F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                              • Opcode ID: 566dc257d6ecfccfd9b8870a3abbf6eef49955a94d49fdbfe0e36d929d226f84
                                                                                                                                                                                                              • Instruction ID: a38bd53333deb2965cf6bcfe27cab5e967b0379a0e7dc5bd4266cb97908be95f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 566dc257d6ecfccfd9b8870a3abbf6eef49955a94d49fdbfe0e36d929d226f84
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A901B131200708EFDB204F90DEC0A9B3665FB84750F504036F605761D1D77A8C92AE2D
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00421F28,?,00000800,00000000,?,00421F28,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,00000000,004067E1,80000002), ref: 004065B6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 004065C1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW\install.exe, xrefs: 00406577
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseQueryValue
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
                                                                                                                                                                                                              • API String ID: 3356406503-1813518584
                                                                                                                                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                              • Instruction ID: 4169300ffd031f607b120f1368fde5344542a6b636238975c7224480bb0190f2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93017C72500209BBDF218F55DC09EDB3BA8EB54364F01803AFD1AA2190E778D964DBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00403161,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405FC3
                                                                                                                                                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00403161,C:\Users\user\Desktop,C:\Users\user\Desktop,00437800,00437800,80000000,00000003), ref: 00405FD3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                              • API String ID: 2709904686-3125694417
                                                                                                                                                                                                              • Opcode ID: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                                                                                                                                              • Instruction ID: 38d9290afe44bb03d7cf08b54fe4d5b58535dca9612c3dc8604b8734ddeb262b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d9a109f9f2e29ac56c0736ccbd4fa6bf3a04a93e1f4050107f2eb61dc35f761
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AD05EB2411921DAD3126704DD01D9F77ACEF12300746482AE440A7161D7785C8186AC
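The function entries in this part of the report follow one fixed layout (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity), which is convenient when you want to pull the API call chain, referenced strings and fuzzy hashes out of many reports and compare them, for example to find every function that touches the dropped InstallerPDW\install.exe path, or to match Instruction Fuzzy Hashes between samples. The parser below is an added example and is not part of the Joe Sandbox report or of any Joe Sandbox tooling; its embedded input is a constructed sample assembled from entries on this page (trimmed, with a "Part of subcall function" line borrowed from another entry), and it assumes only the layout visible here: each entry opens with its own "APIs" heading, call lines end in ", ref: <address>", string lines end in ", xrefs: <address>", and Similarity lines are "key: value" pairs.

```python
"""Parse Joe Sandbox 'Executed Functions' entries (the block layout used on this
page) into records so API sequences, strings and fuzzy hashes can be queried."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: two entries copied from the report and trimmed. The second
# has an empty "Strings" heading, as some entries do, plus a subcall line.
SAMPLE = r"""
APIs
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00421F28,?,00000800,00000000,?,00421F28,?,?,C:\Users\user\AppData\Roaming\InstallerPDW\install.exe,?,00000000,004067E1,80000002), ref: 004065B6
• RegCloseKey.ADVAPI32(?), ref: 004065C1
Strings
• C:\Users\user\AppData\Roaming\InstallerPDW\install.exe, xrefs: 00406577
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
Similarity
• API ID: CloseQueryValue
• String ID: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
• Instruction Fuzzy Hash: 93017C72500209BBDF218F55DC09EDB3BA8EB54364F01803AFD1AA2190E778D964DBA4
APIs
• lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00403161), ref: 00405FC3
• CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop), ref: 00405FD3
  • Part of subcall function 0040466D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040467F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CharPrevlstrlen
• String ID: C:\Users\user\Desktop
• Instruction Fuzzy Hash: 3AD05EB2411921DAD3126704DD01D9F77ACEF12300746482AE440A7161D7785C8186AC
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^•\s*(?:Part of subcall function ([0-9A-F]+): )?"
                    r"(\w+)\.(\w+)\((.*)\), ref: ([0-9A-F]+)$")
STR_RE = re.compile(r"^•\s*(.*), xrefs: ([0-9A-F]+)$")
SRC_RE = re.compile(r"^•\s*Source File: (\S+), Offset: ([0-9A-F]+)")
KV_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                    # call-site address inside the function
    via_subcall: Optional[str]  # callee address when reported as "Part of subcall function"


@dataclass
class FunctionEntry:
    apis: List[ApiCall] = field(default_factory=list)
    strings: Dict[str, str] = field(default_factory=dict)  # string -> xref address
    similarity: Dict[str, str] = field(default_factory=dict)
    source_file: str = ""
    offset: str = ""


def parse_entries(text: str) -> List[FunctionEntry]:
    """Each entry starts with its own 'APIs' heading; the other headings switch sections."""
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()          # the report indents subcall lines; indentation is not data
        if not line:
            continue
        if line == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            section = "APIs"
            continue
        if line in SECTIONS:
            section = line
            continue
        if cur is None:
            continue                # text before the first entry
        if section == "APIs" and (m := API_RE.match(line)):
            sub, name, mod, args, ref = m.groups()
            cur.apis.append(ApiCall(name, mod, args.split(","), ref, sub))
        elif section == "Strings" and (m := STR_RE.match(line)):
            cur.strings[m.group(1)] = m.group(2)
        elif section == "Memory Dump Source" and (m := SRC_RE.match(line)):
            cur.source_file, cur.offset = m.groups()
        elif section == "Similarity" and (m := KV_RE.match(line)):
            cur.similarity[m.group(1)] = m.group(2)
    return entries


def api_sequence(entry: FunctionEntry) -> List[str]:
    """Call names in report order (the report's 'API ID' field is derived from these)."""
    return [c.name for c in entry.apis]


def functions_referencing(entries: List[FunctionEntry], needle: str) -> List[FunctionEntry]:
    """Entries whose strings or API arguments contain `needle`, e.g. a dropped file path."""
    return [e for e in entries
            if any(needle in s for s in e.strings)
            or any(needle in a for c in e.apis for a in c.args)]
```

Run over a whole report, `functions_referencing(entries, r"InstallerPDW\install.exe")` returns the RegQueryValueExW function shown above, and the `Instruction Fuzzy Hash` values collected from `similarity` can be compared between two reports to spot shared code without re-running IDA.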
APIs
• lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063DC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406107
• lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040611F
• CharNextA.USER32(00000000,?,00000000,004063DC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406130
• lstrlenA.KERNEL32(00000000,?,00000000,004063DC,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406139
Memory Dump Source
• Source File: 00000000.00000002.2395495639.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2395466379.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395527121.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395575069.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2395753113.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_DHzscd9uqT.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                              • Opcode ID: 95544cd0fbc1c68b6442233ab1bb13ea59abf9e1bd9498eecabbd7b85e38d71d
                                                                                                                                                                                                              • Instruction ID: 5f3436636367d0d5bc92f6b0e419d408aad35ecbe6557c54d873c5627a92c34c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 95544cd0fbc1c68b6442233ab1bb13ea59abf9e1bd9498eecabbd7b85e38d71d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4F0BB35604414FFC702DFA5DD00D9EBBA8EF46350B2640B9F841FB211D674DE129B99

Execution Graph

Execution Coverage: 23.2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 3.9%
Total number of Nodes: 686
Total number of Limit Nodes: 13

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

control_flow_graph 405d30 (graph rendering omitted): basic blocks call 406c70, GetModuleHandleA, GetModuleFileNameA, strrchr, 401c30, GetProcAddress, GetCurrentProcess, FindResourceExA, LoadResource, LockResource, CreateMutexA, GetLastError, GetCurrentDirectoryA, 404740, GetEnvironmentVariableA, SetEnvironmentVariableA, _chdir, 4051e0, atoi, GlobalMemoryStatusEx, 4033f0, 403790, 403100, 405390, 405b60, memset, strcpy, strncpy, strlen, strcat, fprintf and SetLastError
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: ModuleResource$Handle$AddressCurrentFileFindLoadLockNameProcProcessfprintfmemsetstrrchr
• String ID: -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$-Xms$-Xmx$An error occurred while starting the application.$Args length:%d/32768 chars$C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Error:%s$Instance already exists.$IsWow64Process$Laun$Launcher args:%s$Launcher:%s$Resource %d:%s$Startup error message not defined.$WOW64:%s$Working dir:%s$\bin$appendToPathVar failed.$bin\java.exe$bin\javaw.exe$ch4j$yes
• API String ID: 919401838-1286945638
• Opcode ID: 21ae6c9811f0b7acf9c635b5d58b30deac40c730b272572d7bd2d6732a514534
• Instruction ID: bf9eff1d8a15de45e5a137a0cf06cc9be9fda6a92e4b939ea636d94b2118cc52
• Opcode Fuzzy Hash: 21ae6c9811f0b7acf9c635b5d58b30deac40c730b272572d7bd2d6732a514534
• Instruction Fuzzy Hash: 6A521EB09087018BD714EF29D58025EBBE1EF84344F15C87FE889AB391DB7C89658F4A

Control-flow Graph

control_flow_graph 404740 (graph rendering omitted): basic blocks call FindResourceExA, LoadResource, LockResource, SetLastError, 402cb0, 403d20, 4042b0, strchr, strlen, strcpy, strncpy, strcat, atoi and fprintf
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$FindLoadLock$fprintf$ErrorLaststrchrstrcpystrlen
• String ID: 1.8.0$1.8.0$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)$true
• API String ID: 1095060389-3988659803
• Opcode ID: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
• Instruction ID: 877def55760d6699fa8b0a675f498fd38e355f95ffd6f34839a3e279e3ce58b8
• Opcode Fuzzy Hash: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
• Instruction Fuzzy Hash: 70225DB4A083019BD700AF65D64435FBBE1AB84344F01C87FE989AB3C2D77C9955DB8A

Control-flow Graph

control_flow_graph 4013b0 (graph rendering omitted): basic blocks call 405d30, 4020c0, 4021a0, 401ed0, 401c10, 406860, 406830, memset, strstr, atoi, fwrite, fprintf, CreateWindowExA, SetTimer, GetMessageA, TranslateMessage, DispatchMessageA, LoadImageA, SendMessageA, GetWindowRect, GetSystemMetrics, SetWindowPos, ShowWindow, UpdateWindow, FindWindowExA, GetWindowTextA and SetForegroundWindow
APIs
  • Part of subcall function 00405D30: GetModuleHandleA.KERNEL32(?,004013C7), ref: 00405D4D
• strstr.MSVCRT ref: 0040140E
• CreateWindowExA.USER32 ref: 004014B1
• SetTimer.USER32 ref: 004014FA
• GetMessageA.USER32 ref: 00401572
  • Part of subcall function 00401ED0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
  • Part of subcall function 00401ED0: puts.MSVCRT ref: 00401F11
  • Part of subcall function 00401ED0: ShellExecuteA.SHELL32 ref: 00401F5A
• memset.MSVCRT ref: 00401873
• ShowWindow.USER32 ref: 0040189A
• SetForegroundWindow.USER32 ref: 004018A5
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Window$CreateErrorExecuteForegroundHandleLastMessageModuleShellShowTimermemsetputsstrstr
• String ID: --l4j-dont-wait$--l4j-no-splash$--l4j-no-splash-err$Exit code:%d$Exit code:%d, restarting the application!$STATIC
• API String ID: 2862500452-2488410787
• Opcode ID: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
• Instruction ID: 24b147bc9a002fea4a62b88368d981a48f0c15b8e85cb8378e8374e035e88a4e
• Opcode Fuzzy Hash: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
• Instruction Fuzzy Hash: CBE14CB19083018BD714EF3AD54131BBAE5AF84344F01C93FE989A73A1DB78D8519B8B

Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
• String ID:
• API String ID: 3695137517-0
• Opcode ID: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
• Instruction ID: 9b036dcc62e5206002a8964a93b809c6819fe7ae1a2a78e05521c6610f765c41
• Opcode Fuzzy Hash: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
• Instruction Fuzzy Hash: 34212AB4A053048FC704FF65D58161ABBF5BF88344F01C93EE895A73A6DB389850CB5A

Control-flow Graph
• Graph image not extracted (legend: Executed / Not Executed). Function at 00405390, basic blocks 405390-405b59. Calls visible in the graph: call 406c70, memset (x4), FindResourceExA, LoadResource, LockResource, SetLastError, strcat, strlen, fprintf, strncat, fwrite, call 403100, strtok, strpbrk, strrchr, strncpy, _findfirst, _findnext, _findclose, strcpy.
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$strlen$strcat$ErrorFindLastLoadLockfprintfmemset$_findnextstrpbrkstrtok$_findclose_findfirstfwritestrcpystrncatstrncpystrrchr
• String ID: " :%s$-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$-cla$-jar$-jar$Add classpath:%s$Resource %d:%s$org.develnext.jphp.ext.javafx.FXLauncher$sspa$th "$true
• API String ID: 689643918-4039676490
• Opcode ID: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
• Instruction ID: 45e07854ae54010095be9281c7dcb4a820f195fbc1c947dc7b9175b2af9540e9
• Opcode Fuzzy Hash: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
• Instruction Fuzzy Hash: AE1261B09087018BD710AF29C54065BBBE5EF94304F0589BFE8C9AB391D77D8995CF8A

Control-flow Graph
• Graph image not extracted (legend: Executed / Not Executed). Function at 00403D20, basic blocks 403d20-40403a. Calls visible in the graph: call 406c70, memset, FindResourceExA, LoadResource, LockResource, SetLastError, call 403100, fprintf, strcpy, call 402690, strncpy, strlen, strcat.
APIs
• memset.MSVCRT ref: 00403D50
• FindResourceExA.KERNEL32(00000003,00412360,?), ref: 00403D73
• LoadResource.KERNEL32(?,?,?,00404A72), ref: 00403D90
• LockResource.KERNEL32(?,?,?,?,?,00404A72), ref: 00403DA3
• memset.MSVCRT ref: 00403DFB
• strcpy.MSVCRT ref: 00403E45
• strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403E7F
• SetLastError.KERNEL32(?,?,?,00404A72), ref: 00403E98
• FindResourceExA.KERNEL32 ref: 00403EF1
• LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F0E
• LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F1D
• strncpy.MSVCRT ref: 00403F89
• strlen.MSVCRT ref: 00403F95
• strcat.MSVCRT ref: 00403FBA
• fprintf.MSVCRT ref: 00403FD4
• fprintf.MSVCRT ref: 00403FF7
• SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00404008
• fprintf.MSVCRT ref: 00404035
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$fprintf$ErrorFindLastLoadLockmemsetstrcpy$strcatstrlenstrncpy
• String ID: :$Bundled JRE:%s$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$\$true
• API String ID: 1825146110-3594635844
• Opcode ID: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
• Instruction ID: a351f2335a7c1ffd526f9bc51b8a145b2b5fd6ff43207c8f2e401759d570546c
• Opcode Fuzzy Hash: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
• Instruction Fuzzy Hash: 178160B09083019BD710AF29D54035ABFE9EF84344F05C87FE989AB3D1DB7C99558B8A

Control-flow Graph
• Graph image not extracted (legend: Executed / Not Executed). Function at 00401C30, basic blocks 401c30-401dc0. Calls visible in the graph: call 406c70, memset, GetEnvironmentVariableA, strstr, strncpy, strlen, fopen, fprintf.
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strstr$fprintfmemset$EnvironmentVariablefopenstrlenstrncpy
• String ID: Version:%s$--l4j-debug$--l4j-debug-all$3.9$CmdLine:%s %s$debug$debug-all$j.lo$nch4
• API String ID: 1991431792-3923029096
• Opcode ID: f3ff31f25fd124a68a8ece83d1396f8c6fcaec24afa804c0ebef4b3268481e6e
• Instruction ID: 60ffc86f505bfdbbbba3efb310094abc59b8358325a5033e9b193ab27e218064
• Opcode Fuzzy Hash: f3ff31f25fd124a68a8ece83d1396f8c6fcaec24afa804c0ebef4b3268481e6e
• Instruction Fuzzy Hash: AA411DB49083059BC710AF6AC58056EFBE5EF84754F01C83FE989AB391D738D851DB8A

Control-flow Graph

Rendered graph not preserved (legend: executed / not executed blocks). Basic blocks of 403790 that call APIs: 403790-4037cc FindResourceExA; 4037d2-4037e9 LoadResource; 4037eb-4037fa LockResource; 403826-403834 strlen; 40383a-40389f memset, strlen, strncpy, strlen, _open; 4038b2-4038f4 strlen, _read; 403957-403962 strlen; 403968-403971 _close; 40399a-4039af fprintf; 4039b4-4039c6 SetLastError; 4039ce-4039ec fprintf. A failed FindResourceExA at 403790 branches to the SetLastError / fprintf error path at 4039b4.
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strlen$Resource$ErrorFindLastLoadLock_close_open_readmemsetstrncpy
• String ID: Loading:%s$Resource %d:%s$ini
• API String ID: 3498103655-913749543
• Opcode ID: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
• Instruction ID: ffe5270cda513766b45dd1113f6f5d5a6076afea4e1b231d249c2800047aef03
• Opcode Fuzzy Hash: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
• Instruction Fuzzy Hash: 4E6181B59083118BDB10AF29C58035EBFE5AF44344F05847FE9C9A7382D7789A51CB8A

Control-flow Graph

APIs
• memset.MSVCRT ref: 0040689C
• memset.MSVCRT ref: 004068BD
• strcat.MSVCRT ref: 004068DA
• strlen.MSVCRT ref: 004068E2
• strcat.MSVCRT ref: 004068FE
• CreateProcessA.KERNEL32 ref: 00406941
• WaitForSingleObject.KERNEL32(?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 00406994
• GetExitCodeProcess.KERNEL32 ref: 004069AC
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069BD
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069CE
Strings
• C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004068C7
• -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\, xrefs: 004068F2
• D, xrefs: 004068A1
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: CloseHandleProcessmemsetstrcat$CodeCreateExitObjectSingleWaitstrlen
• String ID: -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$D
• API String ID: 196992964-271605908
• Opcode ID: 925ee4bed1523179cba05dbda226f6a8605d2966789c7c8ca7956b0a3c785639
• Instruction ID: c9cdd45e2a5c81e006214db6be6d40eb90bac674d27234413dd11b55ebfa4603
• Opcode Fuzzy Hash: 925ee4bed1523179cba05dbda226f6a8605d2966789c7c8ca7956b0a3c785639
• Instruction Fuzzy Hash: EF4129B19083009BD700EF69D58064EFBF0FF84310F02897EE599AB391D7789965CB8A

Control-flow Graph

Rendered graph not preserved (legend: executed / not executed blocks). Basic blocks of 402690 that call APIs: 402690-4026c7 memset; 4026e0-4026f4 fprintf; 402708-40271c strcpy; 40271e-40272b strlen; 40273c-40275c strcat, _stat; 402762-402771 SetLastError; 402776-402783 strlen. The _stat result at 40273c selects either the SetLastError path at 402762 or the loop back to 4026c9.
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strlen$ErrorLast_statfprintfmemsetstrcatstrcpy
• String ID: (OK)$(not found)$Check launcher:%s %s$bin\java.exe$bin\javaw.exe
• API String ID: 1479257852-1030199565
• Opcode ID: 045868294d0a7ed06c315ae385c8820c2325015fc6260560a2149f7d46a293a6
• Instruction ID: e8944f1a8106916e4475c21f7cef91e4a366f81d5ed1b62317d4ded5b41b0450
• Opcode Fuzzy Hash: 045868294d0a7ed06c315ae385c8820c2325015fc6260560a2149f7d46a293a6
• Instruction Fuzzy Hash: A63191B4908705DFD710AF65C58421EBBE0AF44304F16887FE888BB3D1D7B88941CB8A
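The two functions above together describe how the dropped launcher starts the payload: 402690 checks whether bin\java.exe or bin\javaw.exe exists under its bundled JRE directory (the "Check launcher:%s %s (OK)/(not found)" strings), and 406860 concatenates the fixed javaw.exe path and the -classpath argument with strcat, calls CreateProcessA, waits on the child and reads its exit code. The --l4j-* switches and the "Version:%s" / "3.9" strings in the earlier function are those of a launch4j-style Java wrapper. Two details matter for detection: the JRE and the launcher both live under the user's AppData, so any process running as that user can replace javaw.exe or the jars without privileges, and every classpath entry is relative (lib\.; lib\..; lib\asm-all.jar; ...), so it resolves against the launcher's working directory rather than a fixed install location. The following is an added example, not code from the Joe Sandbox report or from the launcher: it parses a raw Windows command line with the MSVCRT argv rules, extracts the -classpath entries and scores the launch with those heuristics. The process-creation events, the `org.example.Main` class name and the two-reason threshold are constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field


def parse_windows_cmdline(cmdline: str) -> list[str]:
    """Split a raw command line the way MSVCRT builds argv.

    argv[0]: quoted -> up to the next '"', otherwise up to whitespace; no escapes.
    Other args: n backslashes before '"' yield n//2 backslashes; odd n makes the
    quote literal, even n toggles quoted mode.  Inside quotes '""' is a literal '"'.
    """
    argv: list[str] = []
    i, n = 0, len(cmdline)
    while i < n and cmdline[i] in " \t":
        i += 1
    if i < n and cmdline[i] == '"':
        j = cmdline.find('"', i + 1)
        j = n if j == -1 else j
        argv.append(cmdline[i + 1:j])
        i = j + 1
    else:
        j = i
        while j < n and cmdline[j] not in " \t":
            j += 1
        argv.append(cmdline[i:j])
        i = j
    while True:
        while i < n and cmdline[i] in " \t":
            i += 1
        if i >= n:
            break
        buf: list[str] = []
        in_quotes = False
        while i < n:
            c = cmdline[i]
            if c == "\\":
                bs = 0
                while i < n and cmdline[i] == "\\":
                    bs, i = bs + 1, i + 1
                if i < n and cmdline[i] == '"':
                    buf.append("\\" * (bs // 2))
                    if bs % 2:            # odd count: the quote is data
                        buf.append('"')
                        i += 1
                else:                     # backslashes not before a quote are data
                    buf.append("\\" * bs)
                continue
            if c == '"':
                if in_quotes and i + 1 < n and cmdline[i + 1] == '"':
                    buf.append('"')       # "" inside quotes is a literal quote
                    i += 2
                    continue
                in_quotes = not in_quotes
                i += 1
                continue
            if c in " \t" and not in_quotes:
                break
            buf.append(c)
            i += 1
        argv.append("".join(buf))
    return argv


# Heuristics constructed for this example; they are not rules from the report.
JPHP_JAR = re.compile(r"(^|[\\/])jphp-[\w.-]*\.jar$", re.IGNORECASE)
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
DRIVE_ABS = re.compile(r"^[A-Za-z]:\\")


@dataclass
class LaunchVerdict:
    image: str
    classpath: list[str]
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return len(self.reasons) >= 2   # constructed threshold


def classpath_entries(argv: list[str]) -> list[str]:
    """Return the ';'-separated entries of the first -classpath / -cp option."""
    for i in range(1, len(argv) - 1):
        if argv[i].lower() in ("-classpath", "-cp"):
            return [e for e in argv[i + 1].split(";") if e]
    return []


def assess_java_launch(cmdline: str, parent_image: str) -> LaunchVerdict:
    argv = parse_windows_cmdline(cmdline)
    cp = classpath_entries(argv)
    v = LaunchVerdict(argv[0], cp)
    if not argv[0].lower().endswith(("\\javaw.exe", "\\java.exe")):
        return v
    if USER_PROFILE.search(argv[0]):
        v.reasons.append("JRE image under the user's AppData (user-writable)")
    if USER_PROFILE.search(parent_image):
        v.reasons.append("parent launcher under the user's AppData")
    relative = [e for e in cp if not DRIVE_ABS.match(e)]
    if relative:
        v.reasons.append(f"{len(relative)} relative classpath entries (resolved against the launcher's CWD)")
    if any(JPHP_JAR.search(e) for e in cp):
        v.reasons.append("jphp runtime on the classpath (PHP code run inside the JVM)")
    return v


SAMPLE_EVENTS = [  # constructed process-creation events, not taken from the report
    {"parent": r"C:\Users\user\AppData\Roaming\InstallerPDW\install.exe",
     "cmdline": r'"C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" '
                r'-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;'
                r'lib\jphp-core.jar;lib\jphp-runtime.jar" org.example.Main'},
    {"parent": r"C:\Program Files\SomeIDE\bin\ide.exe",
     "cmdline": r'"C:\Program Files\Java\jre\bin\javaw.exe" -jar "C:\Program Files\SomeIDE\lib\ide.jar"'},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict = assess_java_launch(ev["cmdline"], ev["parent"])
        print(verdict.image, "SUSPICIOUS" if verdict.suspicious else "ok", verdict.reasons)
```

The parser is the part worth keeping: a rule keyed on the raw command-line string would miss the same launch with different quoting, whereas argv-level matching survives it. The first constructed event (the layout the report shows) collects all four reasons; a javaw.exe started from Program Files with an absolute -jar path collects none.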

Control-flow Graph

Rendered graph not preserved (legend: executed / not executed blocks). Basic blocks of 4013e9 that call APIs or subroutines: 4013d5-4013da call 401ed0; 4013e9-401400 call 4021a0; 401402-401415 strstr; 40141b-401436 call 4021a0; 401458-4014c6 CreateWindowExA; 4014d6-401504 SetTimer; 40150a-401521 call 406860 (the CreateProcessA wrapper above; its return address 0040151F appears in that function's CloseHandle arguments); 401547-40155a TranslateMessage, DispatchMessageA; 40155d-40157c GetMessageA; 40159b-4015ab fprintf; 4015b0-4015bc call 406830; 4015da-4015e4 call 401c10; 4015e9-4015f7 call 4021a0; 4015fd-401610 strstr; 40161b-401644 call 4020c0; 401646-401657 atoi; 401668-401688 call 4021a0; 40168a-40169d strstr; 4016a3-4016ee call 4021a0, LoadImageA; 4016f4-4017de SendMessageA, GetWindowRect, GetSystemMetrics (x2), SetWindowPos, ShowWindow, UpdateWindow; 4017fc-401808 call 406830, call 401c10; 401817-40182d fprintf; 401837-401859 fwrite.
APIs
  • Part of subcall function 004021A0: FindResourceExA.KERNEL32 ref: 004021DD
  • Part of subcall function 004021A0: LoadResource.KERNEL32 ref: 004021FA
  • Part of subcall function 004021A0: LockResource.KERNEL32 ref: 00402209
  • Part of subcall function 004021A0: fprintf.MSVCRT ref: 00402253
• strstr.MSVCRT ref: 0040140E
• CreateWindowExA.USER32 ref: 004014B1
• SetTimer.USER32 ref: 004014FA
• TranslateMessage.USER32 ref: 0040154A
• DispatchMessageA.USER32 ref: 00401555
• GetMessageA.USER32 ref: 00401572
• fprintf.MSVCRT ref: 004015AB
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: MessageResource$fprintf$CreateDispatchFindLoadLockTimerTranslateWindowstrstr
• String ID: --l4j-no-splash$Exit code:%d, restarting the application!$STATIC
• API String ID: 2241055113-1185063601
                                                                                                                                                                                                              • Opcode ID: 33ac18716a739c8569af302160795fed5acb0a4af97f80bbe930cd5371412de7
                                                                                                                                                                                                              • Instruction ID: 67a90b80666c473e9742fa792ab923d60fcf46590e4eeb89ab99995b83f5f157
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33ac18716a739c8569af302160795fed5acb0a4af97f80bbe930cd5371412de7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F514B71A043058BD714DF2AD94035BB7F1ABC4300F15C83FE989AB3A0EB39C8519B8A

Control-flow Graph
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: _setmode$ExitProcess__p__environ__p__fmode_cexit
• String ID:
• API String ID: 2747451157-0
• Opcode ID: 55b44065cfc3671dcbda3173ad3e590a602a7e1e9e535e6ec2c50fd80800269a
• Instruction ID: 6dd9965de3e649a4df042f89f412d9c8f3f420679e1b57de8b71a4d36494cbca
• Opcode Fuzzy Hash: 55b44065cfc3671dcbda3173ad3e590a602a7e1e9e535e6ec2c50fd80800269a
• Instruction Fuzzy Hash: CD1109746057108FC304FF25D9C181A77B1BF88304B12CA7EE986AB3A6C738D850DB4A

Control-flow Graph
control_flow_graph 596 406a10-406a40 call 406c70 call 406c00 GetCommandLineA GetStartupInfoA 601 406a42 596->601 602 406a48-406a5b 596->602 603 406ae6-406afe GetModuleHandleA 601->603 604 406a47 602->604 605 406a5d-406a60 602->605 606 406b00 603->606 607 406b04-406b21 call 4013b0 603->607 604->602 608 406aa0-406ab3 605->608 609 406a62-406a72 605->609 606->607 608->608 613 406ab5-406ab8 608->613 611 406ac0-406acc 609->611 612 406a74-406a7a 609->612 618 406ae0-406ae4 611->618 615 406a80-406a82 612->615 616 406b22-406b26 613->616 617 406aba 613->617 615->611 620 406a84-406a98 615->620 616->611 617->611 618->603 619 406ad0-406add 618->619 619->618 620->615 621 406a9a 620->621 621->611
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: CommandHandleInfoLineModuleStartup
• String ID:
• API String ID: 1628297973-0
• Opcode ID: 426b7e169bc4001adf4ac2880b2c14a6d5950ebf415b9d4ab6f3d543cdd5321b
• Instruction ID: ebf8bf4e4e20132a1a66f6807e23304a966a01df456f573df18988500c29227c
• Opcode Fuzzy Hash: 426b7e169bc4001adf4ac2880b2c14a6d5950ebf415b9d4ab6f3d543cdd5321b
• Instruction Fuzzy Hash: 00215CB67047154FEB147636C4A23AB7BE26F42344F8AC03BC583321C3D23C5AB59A06

Control-flow Graph
control_flow_graph 622 406a9c 623 406aa0-406ab3 622->623 623->623 624 406ab5-406ab8 623->624 625 406b22-406b26 624->625 626 406aba 624->626 627 406ac0-406acc 625->627 626->627 628 406ae0-406ae4 627->628 629 406ad0-406add 628->629 630 406ae6-406afe GetModuleHandleA 628->630 629->628 631 406b00 630->631 632 406b04-406b21 call 4013b0 630->632 631->632
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 661c79fa3b8ac9abb4e224266d4cded6d62ffdd14050f3927dba7b757e43ebb2
• Instruction ID: f042ff4e9afc238231ba2f0a1a21a068439de561cfa6daf720de4363d65ecbf7
• Opcode Fuzzy Hash: 661c79fa3b8ac9abb4e224266d4cded6d62ffdd14050f3927dba7b757e43ebb2
• Instruction Fuzzy Hash: 23F0F4B1A047154BDB14AF39C09139BBBF2AF40348F86C43EC987732C2D37C99608A02

Control-flow Graph
control_flow_graph 635 406ace 636 406ad0-406ae4 635->636 638 406ae6-406afe GetModuleHandleA 636->638 639 406b00 638->639 640 406b04-406b21 call 4013b0 638->640 639->640
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: acdd093e482f5bde7bba130dde77f32350e70ae8059faee5c55a3686f59b36ed
• Instruction ID: 3ce4b8eff68f737e1e19327138148219799e312e833f16ad5da121a4cd60d1db
• Opcode Fuzzy Hash: acdd093e482f5bde7bba130dde77f32350e70ae8059faee5c55a3686f59b36ed
• Instruction Fuzzy Hash: 1DF0A0B6A083244ADB04AF7AC18136AFFF1AF45358F45C47ED985626D2D27C8550CB52
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __set_app_type.MSVCRT ref: 0040129D
                                                                                                                                                                                                                • Part of subcall function 00401150: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,004012A8), ref: 00401161
                                                                                                                                                                                                                • Part of subcall function 00401150: __getmainargs.MSVCRT ref: 0040119A
                                                                                                                                                                                                                • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011D5
                                                                                                                                                                                                                • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011FB
                                                                                                                                                                                                                • Part of subcall function 00401150: __p__fmode.MSVCRT ref: 00401200
                                                                                                                                                                                                                • Part of subcall function 00401150: __p__environ.MSVCRT ref: 00401215
                                                                                                                                                                                                                • Part of subcall function 00401150: _cexit.MSVCRT ref: 00401239
                                                                                                                                                                                                                • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401241
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode__set_app_type_cexit
• String ID:
• API String ID: 250851222-0
• Opcode ID: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
• Instruction ID: f3566ed841fe2c78bbec3e3585cf37c7a6b3b3915cdcc1304e07bfa49eda4ab5
• Opcode Fuzzy Hash: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
• Instruction Fuzzy Hash: F3C09B3041421497C3003FB5DC0E359BBA87B05305F41443CD5C967261D67839054796
APIs
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
• puts.MSVCRT ref: 00401F11
• ShellExecuteA.SHELL32 ref: 00401F5A
• printf.MSVCRT ref: 00401F89
• fclose.MSVCRT ref: 00401F93
• MessageBoxA.USER32 ref: 00401FBF
• FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
• strlen.MSVCRT ref: 0040201F
• strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
• LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
• fprintf.MSVCRT ref: 0040206D
Similarity
• API ID: Message$ErrorExecuteFormatFreeLastLocalShellfclosefprintfprintfputsstrcatstrlen
• String ID: An error occurred while starting the application.$Error msg:%s$Error:%s$Open URL:%s$open
• API String ID: 1449747937-1100426463
• Opcode ID: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
• Instruction ID: 2d12064388d49b1e09197d997951df6f1fa04ecba0d9f77cc5412a013d33004a
• Opcode Fuzzy Hash: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
• Instruction Fuzzy Hash: 5041F1B0B083019BD704EF29D68525FBAE1BB84344F11C83FE589A7391D77C89559B8B
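The API bullets and the String ID line of each function entry have a regular shape that can be parsed for triage, for example to pair an execution API with the verb string found in the same function (here ShellExecuteA next to "open", which the function's "Open URL:%s" string ties to opening a URL from the launcher's error path), and to list the unbounded C string routines (strcat) the function relies on. The following Python is an added example and is not part of the Joe Sandbox report or its tooling; the sample entry is copied from the bullets above, while the watch lists and the API-plus-verb pairing rule are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: the "APIs" bullets and the "String ID" line of one
# function entry, in the report's own layout (bullet, name.MODULE, optional
# argument list, "ref:" address; strings joined with "$").
SAMPLE_ENTRY = """\
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
• puts.MSVCRT ref: 00401F11
• ShellExecuteA.SHELL32 ref: 00401F5A
• printf.MSVCRT ref: 00401F89
• fclose.MSVCRT ref: 00401F93
• MessageBoxA.USER32 ref: 00401FBF
• FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
• strlen.MSVCRT ref: 0040201F
• strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
• LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
• fprintf.MSVCRT ref: 0040206D
• String ID: An error occurred while starting the application.$Error msg:%s$Error:%s$Open URL:%s$open
"""

API_LINE = re.compile(
    r"^\s*•\s*(?P<func>\w+)\.(?P<module>[\w.]+)"   # name.MODULE
    r"(?:\((?P<args>[^)]*)\))?"                    # optional (arg,arg,...)
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"     # call-site address
)
STRING_ID_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*)$")


@dataclass(frozen=True)
class ApiCall:
    func: str
    module: str
    ref: int          # call-site virtual address
    args: tuple       # argument tokens as printed by the report ("?" = unknown)


def parse_entry(text):
    """Parse one function entry into (list of ApiCall, list of strings)."""
    calls, strings = [], []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = tuple(a for a in (m["args"] or "").split(",") if a)
            calls.append(ApiCall(m["func"], m["module"].upper(), int(m["ref"], 16), args))
            continue
        m = STRING_ID_LINE.match(line)
        if m:
            strings.extend(s for s in m["ids"].split("$") if s)
    return calls, strings


# Assumed watch list (illustrative): execution APIs and the verb strings that
# change what they do when present in the same function's string table.
EXEC_APIS = {
    "ShellExecuteA": {"open", "runas"},
    "ShellExecuteW": {"open", "runas"},
    "WinExec": set(),
    "CreateProcessA": set(),
    "CreateProcessW": set(),
}

# Assumed watch list (illustrative): C string routines with no length bound.
UNBOUNDED_STRING_APIS = {"strcat", "strcpy", "sprintf", "gets", "lstrcatA", "lstrcpyA"}


def flag_exec_calls(calls, strings):
    """Return (func, ref, reason) for execution APIs; the reason names the
    verb string(s) that co-occur in this function, if any."""
    hits = []
    present = set(strings)
    for c in calls:
        if c.func in EXEC_APIS:
            verbs = sorted(EXEC_APIS[c.func] & present)
            reason = f"uses verb {verbs}" if verbs else "no verb string in this function"
            hits.append((c.func, f"{c.ref:08X}", reason))
    return hits


def unbounded_string_calls(calls):
    """Sorted names of unbounded string routines the function calls."""
    return sorted({c.func for c in calls if c.func in UNBOUNDED_STRING_APIS})


if __name__ == "__main__":
    calls, strings = parse_entry(SAMPLE_ENTRY)
    for hit in flag_exec_calls(calls, strings):
        print("exec:", hit)
    print("unbounded:", unbounded_string_calls(calls))
```

The pairing is deliberately per function: a verb string elsewhere in the binary says nothing about this call site, whereas the same function carrying both ShellExecuteA and "open" is what the report's own String ID line already shows.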
Similarity
• API ID: Resource$FindLoadLockstrlen$strcat$ErrorLastfprintf
• String ID: - $-bit$1.8.0$1.8.0$An error occurred while starting the application.$Resource %d:%s
• API String ID: 484976878-253376002
• Opcode ID: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
• Instruction ID: 34e31f97e9555f3506bafa7709ed99a0cf1f3aa383949e3ef6a0ea41d6191ac0
• Opcode Fuzzy Hash: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
• Instruction Fuzzy Hash: 50B170B07183018BD704EF3AD64035ABAE1BB84344F05C93ED989E7391D77DC9658B9A
Similarity
• API ID: strcpy$memsetstrcmpstrlen$fprintfstrcat$EnumOpenstrchrstrncpy
• String ID: %s-bit search:%s...$1.8.0$Check:%s$Ignore:%s$Match:%s
• API String ID: 972160396-125968938
• Opcode ID: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
• Instruction ID: 9a2c2f7deab8620c59848cd1e9c546dad7476eac0264ac07e1180a0b30e31d97
• Opcode Fuzzy Hash: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
• Instruction Fuzzy Hash: 25A12AB49087149BC711EF25C98429EFBF5AF84704F0188BFE489A7391D7789A858F86
Similarity
• API ID: strcat$strncat$memsetstrchr$CurrentDirectoryEnvironmentVariablestrlenstrstr
• String ID: C:\Users\user\AppData\Roaming\InstallerPDW$C:\Users\user\AppData\Roaming\InstallerPDW\jre$EXEDIR$EXEFILE$HKEY$JREHOMEDIR$OLDPWD$PWD$Substitute:%s = %s
• API String ID: 3324974479-3257982886
• Opcode ID: c774727848c6e49817d41a86356bbab4970edb0624ee6d3a0a55169df02263e5
• Instruction ID: ed202c75566bdcf25b9861d036979bf7c043f81e68319857b6959b64db836d4b
• Opcode Fuzzy Hash: c774727848c6e49817d41a86356bbab4970edb0624ee6d3a0a55169df02263e5
• Instruction Fuzzy Hash: 80711C759043159BCB54DF25C88025ABBE5FF84314F41C8BEE98DA7381DB389E85CB8A
Strings
• Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
• Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB, xrefs: 004036B0
• Resource %d:%s, xrefs: 004034A3, 00403563
Similarity
• API ID: Resource$FindLoadLockatoifprintfstrlen$ErrorLast_itoastrcat
• String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB$Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB$Resource %d:%s
• API String ID: 1284713559-335395982
• Opcode ID: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
• Instruction ID: 556c7044ae09a008ffae0a8d9fc69ada731a51744f4509117c473fc4c8ef08ad
• Opcode Fuzzy Hash: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
• Instruction Fuzzy Hash: CC916FB19083159BDB14EF69C58025FBBF5BF88304F05883EE889AB391D738D915CB86
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                                                                              • -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\, xrefs: 00405C13, 00405C2F, 00405CAE, 00405CCA
                                                                                                                                                                                                              • Resource %d:%s, xrefs: 00405D11
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Resource$strcatstrlenstrstr$ErrorFindLastLoadLockmemsetstrchrstrcpy
                                                                                                                                                                                                              • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$Resource %d:%s
                                                                                                                                                                                                              • API String ID: 782867121-2842270848
                                                                                                                                                                                                              • Opcode ID: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                                                                                                                                              • Instruction ID: d40fd4806269129820aebf3143e2994a5f350a870bc7b93ef3ae692e42a163e9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6414DB0908B019AE714AF29C54432BBAE5EF45704F01C87FE589A73C2D73D88958F9B
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strstr$Open$CloseQueryValuestrchrstrrchr
                                                                                                                                                                                                              • String ID: HKEY$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS
                                                                                                                                                                                                              • API String ID: 356245303-4236897492
                                                                                                                                                                                                              • Opcode ID: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                                                                              • Instruction ID: 2ae7df6790b6f1853f37995f78c893f74154cd1711da3b843cecc37fcb260c67
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B414FB5D087069BDB00EF69C98425EFBE1BF84314F05883FE988A7381D77899448B96
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW, xrefs: 00403BCC
                                                                                                                                                                                                              • Working dir:%s, xrefs: 00403CBF
                                                                                                                                                                                                              • Resource %d:%s, xrefs: 00403CFD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Resource$fprintfmemset$CurrentDirectoryErrorFindLastLoadLock_chdirstrcatstrlenstrncpy
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW$Resource %d:%s$Working dir:%s
                                                                                                                                                                                                              • API String ID: 422477114-135837388
                                                                                                                                                                                                              • Opcode ID: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                                                                              • Instruction ID: 349f221890d6d40fe71c0e96cafd37487ebf52b12bf3dfd57c186abffd885e97
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1416BB19087119BE700AF29D58135EBFE4EF84344F01883EE989A7381D7389994CB8A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 1.8.0, xrefs: 00404051
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                                                                              • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 004041AC
                                                                                                                                                                                                              • Resource %d:%s, xrefs: 0040428D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Resource$FindLoadLockatoifprintfstrcpy
                                                                                                                                                                                                              • String ID: 1.8.0$C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)
                                                                                                                                                                                                              • API String ID: 1856142485-2926679200
                                                                                                                                                                                                              • Opcode ID: d297cc4e5c952a856f3d68dfdf06d37a651345b527a0279046be52caef7b7906
                                                                                                                                                                                                              • Instruction ID: 209fe916da85df5c911ae4276ce2f96064c2a1019c36ad74d5d97ab76ae223e1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d297cc4e5c952a856f3d68dfdf06d37a651345b527a0279046be52caef7b7906
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8513AB0A083059BD704AF65D54436EBBE1ABC4304F01C87EE989AB3D2D77D9C919B4A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 00405211
                                                                                                                                                                                                              • memset.MSVCRT ref: 00405228
                                                                                                                                                                                                              • FindResourceExA.KERNEL32(?,00000000,?), ref: 00405250
                                                                                                                                                                                                              • LoadResource.KERNEL32(?,?,?,00406514), ref: 0040526D
                                                                                                                                                                                                              • LockResource.KERNEL32(?,?,?,?,?,00406514), ref: 0040527C
                                                                                                                                                                                                              • fprintf.MSVCRT ref: 004052C8
                                                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                                                                                                                                              • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                                                                                                                                              • strchr.MSVCRT ref: 00405316
                                                                                                                                                                                                              • fprintf.MSVCRT ref: 0040535A
                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Resource$fprintfmemset$EnvironmentErrorFindLastLoadLockVariablestrchrstrtok
                                                                                                                                                                                                              • String ID: Resource %d:%s$Set var:%s = %s
                                                                                                                                                                                                              • API String ID: 301265589-2172967655
                                                                                                                                                                                                              • Opcode ID: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                                                                                                                                              • Instruction ID: afa5dd9bf5237a591f145b88366e3ef618c797e9271656589243b0a106b18b75
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 269e6b674d12423d849caec9e5e778c3ff3d2c18b953fcfb33869b71bd7f8dc3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA4138B0A087019BD710AF2AD58035FBBE4EF88340F41C87EE489A7391D738D9559F9A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004050F1
                                                                                                                                                                                                              • Error:%s, xrefs: 0040518B
                                                                                                                                                                                                              • appendToPathVar failed., xrefs: 00405186
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strlen$EnvironmentVariablememset$fprintfstrcatstrcpy
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Error:%s$appendToPathVar failed.
                                                                                                                                                                                                              • API String ID: 495583820-1397312649
                                                                                                                                                                                                              • Opcode ID: 8ca052b84f157a73b3b1021bcc8742f7ef4866955d4ac593579a341839fd37fb
                                                                                                                                                                                                              • Instruction ID: f6e45bb88e98a1b81569ded4109919bd0ed7862b498e3da174d31cb25c7df640
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ca052b84f157a73b3b1021bcc8742f7ef4866955d4ac593579a341839fd37fb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 232161B5A087109AD710AF2AD44016FBBE5EFC4704F42C43FE489AB391D73C88528B8A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Resource$ErrorLastfprintf$CreateFindLoadLockMutexmemset
                                                                                                                                                                                                              • String ID: Error:%s$Instance already exists.$Resource %d:%s
                                                                                                                                                                                                              • API String ID: 1676011544-3441027790
                                                                                                                                                                                                              • Opcode ID: 5d703d892fcee4d035bb5678ce239c4aadbc0211198db526eb703aee52715d62
                                                                                                                                                                                                              • Instruction ID: 63ebb8a2186d1c087548a531fdd3118c811b0fdf88078b365d510e972c39d1b2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d703d892fcee4d035bb5678ce239c4aadbc0211198db526eb703aee52715d62
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E414F70A083059BDB14EF39D58135ABBE4AB84344F00C87EE48EE73C1E678D9959F56
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$CloseOpenQueryValuestrcatstrcpystrlen
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$JavaHome$jre
                                                                                                                                                                                                              • API String ID: 2991842512-3955834829
                                                                                                                                                                                                              • Opcode ID: d8b368d274ae85d4bc000698528c95442d51d74e1ab4d3ee601e9f643d251c95
                                                                                                                                                                                                              • Instruction ID: f9c37e86e1fa10c1b6e9cf4516faf301a59072f01b137ca7bee1a517f153a641
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8b368d274ae85d4bc000698528c95442d51d74e1ab4d3ee601e9f643d251c95
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A4152B5D047159BD710EF29C94425ABBE0EF84310F01C5BEE88DA7381D7789A84CF86
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                                                                              • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                                                                              • C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 004041AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Resource$fprintf$ErrorFindLastLoadLockatoistrcpy
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe$Runtime used:%s (%s-bit)
                                                                                                                                                                                                              • API String ID: 440416407-3639876478
                                                                                                                                                                                                              • Opcode ID: b3bc536126c4a8c1264af20974626aece3c182a84d0fe9925ec699f1c1c00d30
                                                                                                                                                                                                              • Instruction ID: 5389436385b8e7cd97168d55a14ed6d8c30c170912d26635384efc32abc192e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3bc536126c4a8c1264af20974626aece3c182a84d0fe9925ec699f1c1c00d30
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3415CB0A043019BD714AF25D58436EBBE1ABC4304F05C87ED989AB3D2D77D9C918B4A
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              • Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_6_2_400000_install.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseQueryValuememsetstrcatstrcpystrlen
                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$JavaHome$jre
                                                                                                                                                                                                              • API String ID: 2049115317-3955834829
                                                                                                                                                                                                              • Opcode ID: 5ea3d1e5677a1b9a5e222b99d69bfb2b1b3225a46dc7237ee8f34001a989facb
                                                                                                                                                                                                              • Instruction ID: 0f7c0f34ce8200dd43c2f0bb0ff6e98dc681f3c32799e7a142d2370fabdcc0ea
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5ea3d1e5677a1b9a5e222b99d69bfb2b1b3225a46dc7237ee8f34001a989facb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB217F759087158AD710EF29C58439ABBE1EF84304F05C9BEE58967381D7789A84CB86
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$FindLoadLockatoifprintf
• String ID: Resource %d:%s$`O@
• API String ID: 2193512306-2494596910
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$atoi$ErrorFindLastLoadLockfprintf
• String ID: Resource %d:%s
• API String ID: 1405122715-3770364717
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$ErrorFindLastLoadLockfprintf
• String ID: Resource %d:%s$true
• API String ID: 2300709556-1650570159
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: AddressCurrentHandleModuleProcProcessfprintf
• String ID: IsWow64Process$WOW64:%s$yes
• API String ID: 24026888-2072328098
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: AddressCurrentHandleModuleProcProcessfprintf
• String ID: IsWow64Process$WOW64:%s$yes
• API String ID: 24026888-2072328098
APIs
Strings
• --l4j-, xrefs: 00405C50, 00405C8E
• -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\, xrefs: 00405CAE, 00405CCA
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strstr$ErrorLaststrcatstrchrstrcpystrlen
• String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\
• API String ID: 1304447673-2724723538
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: KillMessagePostQuitTimer$CodeEnumExitProcessShowWindowWindows
• String ID:
• API String ID: 1905518172-0
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$ErrorFindLastLoadLockfprintf
• String ID: Resource %d:%s
• API String ID: 2300709556-3770364717
APIs
Strings
• Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strlen$_itoafprintfstrcat
• String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB
• API String ID: 309510014-1709647519
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: fopenmemsetstrlenstrncpy
• String ID: j.lo$nch4
• API String ID: 80595551-1605737849
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: signal
• String ID:
• API String ID: 1946981877-0
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: EnvironmentVariablestrlen$memsetstrcat
• String ID:
• API String ID: 2108680700-0
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strcatstrlen
• String ID: bin\java.exe$bin\javaw.exe
• API String ID: 1179760717-2770878578
APIs
• SetEnvironmentVariableA.KERNEL32 ref: 004052EC
• strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
• strchr.MSVCRT ref: 00405316
  • Part of subcall function 00403100: memset.MSVCRT ref: 00403136
  • Part of subcall function 00403100: memset.MSVCRT ref: 00403151
  • Part of subcall function 00403100: strchr.MSVCRT ref: 0040316C
  • Part of subcall function 00403100: strchr.MSVCRT ref: 0040318A
  • Part of subcall function 00403100: strncat.MSVCRT ref: 004031AF
  • Part of subcall function 00403100: strncat.MSVCRT ref: 004031D5
  • Part of subcall function 00403100: strlen.MSVCRT ref: 004031EB
  • Part of subcall function 00403100: strstr.MSVCRT ref: 0040327E
• fprintf.MSVCRT ref: 0040535A
• SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strchr$memsetstrncat$EnvironmentErrorLastVariablefprintfstrlenstrstrstrtok
• String ID: Set var:%s = %s
• API String ID: 3263537496-1184643595
• Opcode ID: ee98d8c8936dcdd218bc3ae6b4bee14f3b7f662cf54e9fc7437ca12448ec09f5
• Instruction ID: b35ccef8a7e5673246ed472a237be416f5c44ba05b5604b2d57a73e62d97e0d5
• Opcode Fuzzy Hash: ee98d8c8936dcdd218bc3ae6b4bee14f3b7f662cf54e9fc7437ca12448ec09f5
• Instruction Fuzzy Hash: FA01DAB05087109EC701AF2AC58031EBFE4AF88744F41C87FE4C8AB381D77889519F9A
APIs
• FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
• strlen.MSVCRT ref: 0040201F
• strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
• LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
• fprintf.MSVCRT ref: 004020A9
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: FormatFreeLocalMessagefprintfstrcatstrlen
• String ID: An error occurred while starting the application.
• API String ID: 863393273-2110520379
• Opcode ID: 9e24085052815f66a929547d79b0b0ecebc814cf3094997c733abd0dc5bb07b1
• Instruction ID: 48929c70c90143ab4f29c9b601d13be01fb97ec1997cc056402bd9998a5ef999
• Opcode Fuzzy Hash: 9e24085052815f66a929547d79b0b0ecebc814cf3094997c733abd0dc5bb07b1
• Instruction Fuzzy Hash: 730116B0A083018BC300EF69C28025BBBF1BB84314F01886EE8C9A7245D77896548B8A
APIs
• memset.MSVCRT ref: 004012F4
  • Part of subcall function 004020C0: FindResourceExA.KERNEL32(?,?,?,00401888), ref: 004020EF
  • Part of subcall function 004020C0: LoadResource.KERNEL32 ref: 00402108
  • Part of subcall function 004020C0: LockResource.KERNEL32 ref: 00402117
• FindWindowExA.USER32 ref: 0040132A
• GetWindowTextA.USER32 ref: 00401350
• strstr.MSVCRT ref: 0040135F
• FindWindowExA.USER32 ref: 0040137F
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: FindResourceWindow$LoadLockTextmemsetstrstr
• String ID:
• API String ID: 1871962372-0
• Opcode ID: 1298e7c1909e02cac85a35fd553868d9f91c7302c22f4e1a6b2c68c72ce7dee5
• Instruction ID: 5d52d5c0b459d14cb6f1974f7d56ade6fd7020e608e51b2663064d8790cfeea0
• Opcode Fuzzy Hash: 1298e7c1909e02cac85a35fd553868d9f91c7302c22f4e1a6b2c68c72ce7dee5
• Instruction Fuzzy Hash: 282160B2A083019BE714AF6AD54129FFBE4EF84354F01C83FE98CD3691E67885548B86
APIs
Strings
• Runtime used:%s (%s-bit), xrefs: 00402FC4
• C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 00402F90
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: fprintfstrcpy
• String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$Runtime used:%s (%s-bit)
• API String ID: 1458319006-4129559885
• Opcode ID: 5561c27fd72a1e767c22225ba6b48e1c42a17190cfea799da6d8e7f1897e806e
• Instruction ID: e570360796af71997f007bbec0ddf7bd71377d3d7eeb5d391251dbc393d587ea
• Opcode Fuzzy Hash: 5561c27fd72a1e767c22225ba6b48e1c42a17190cfea799da6d8e7f1897e806e
• Instruction Fuzzy Hash: CA3139719093019BD715AF24864839FB6A1EB80748F01C87FE8887B3C6D7BD9C419B8A
APIs
Strings
• Runtime used:%s (%s-bit), xrefs: 00402FC4
• C:\Users\user\AppData\Roaming\InstallerPDW\jre, xrefs: 00402F90
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: fprintfstrcpy
• String ID: C:\Users\user\AppData\Roaming\InstallerPDW\jre$Runtime used:%s (%s-bit)
• API String ID: 1458319006-4129559885
• Opcode ID: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
• Instruction ID: 2e410cda6b073cc25c187766190d21a1da9afde98849d5476af63c368e3af956
• Opcode Fuzzy Hash: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 602181719043059BD7149F15C64439BB7A5EB80348F01C87EE8887B3C6C7BD9C519B89
APIs
• GlobalMemoryStatusEx.KERNEL32 ref: 00403717
  • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 00403440
  • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040345C
  • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040346B
  • Part of subcall function 004033F0: fprintf.MSVCRT ref: 004034B3
  • Part of subcall function 004033F0: atoi.MSVCRT ref: 004034C3
  • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 004034FE
  • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040351B
  • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040352A
  • Part of subcall function 004033F0: fprintf.MSVCRT ref: 00403573
  • Part of subcall function 004033F0: atoi.MSVCRT ref: 00403583
  • Part of subcall function 004033F0: strcat.MSVCRT(?), ref: 0040361A
  • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403622
  • Part of subcall function 004033F0: _itoa.MSVCRT ref: 00403639
  • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403641
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: Resource$FindLoadLockatoifprintfstrlen$GlobalMemoryStatus_itoastrcat
• String ID: -Xms$-Xmx$@
• API String ID: 2157757142-2676391021
• Opcode ID: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
• Instruction ID: 0838842f76f9e4a7ac68c74f3cf3971a36c87926e8153908363a189b489a0147
• Opcode Fuzzy Hash: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
• Instruction Fuzzy Hash: 1D01D7B09097099FC704DF69E18154EBBF1EF88304F10883EF489A7385D738D9449B46
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: CodeEnumExitKillMessagePostProcessQuitTimerWindows
• String ID:
• API String ID: 405088690-0
• Opcode ID: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
• Instruction ID: 4530f2aae7447fe0df29e6f37fc7dc1219e95ab942fdeb78a325eac38ac8bd41
• Opcode Fuzzy Hash: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
• Instruction Fuzzy Hash: 87F05EB59093008BC300BF34DA052197AE0AB40348F018A3FE8C5A33D1D77C9558EB9B
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: HandleModule
• String ID: Laun$ch4j
• API String ID: 4139908857-52159806
• Opcode ID: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
• Instruction ID: 3efb9f204aa9b6cf598ae448a7fd9fa3256bf58a8a3bede9923b47c04f3ea8c0
• Opcode Fuzzy Hash: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
• Instruction Fuzzy Hash: 30F01CB0A042058BD708EF3EEE053963AE2A784300F04C27ED409CB3B5EBB484618B8D
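Taken together, the function summaries above for the install binary (the routine that reads resource values with FindResourceExA/atoi, calls GlobalMemoryStatusEx and assembles "-Xms"/"-Xmx" strings with _itoa/strcat, the "Runtime used:%s (%s-bit)" message, and the routine that compares the pieces "Laun" and "ch4j" after GetModuleHandle) are consistent with a Launch4j-style Java launcher stub, i.e. a generic wrapper rather than the payload itself. The script below is an added triage example, not Joe Sandbox output and not Launch4j code. It scans a file image for those string indicators. Two things in it are assumptions rather than facts from the report: the marker set and the hit threshold are chosen for this example, and the explanation for the split marker (the stub compares its 8-byte tag as two 32-bit immediates, and an x86 immediate is stored little-endian, so the raw bytes "Laun" and "ch4j" sit a few opcode bytes apart instead of as one contiguous "Launch4j") is the usual reason such a split shows up in a string listing. The sample bytes in the block are constructed stand-ins, not bytes from the analyzed file.

```python
"""Added triage example: flag a PE image as a Launch4j-style launcher stub
from the string indicators listed in the sandbox function summaries.
Not Joe Sandbox or Launch4j code; marker set and threshold are assumptions."""
import re
import sys

# Markers taken from the report's "String ID" fields. The full JRE path is
# sample-specific, so only its generic tail ("\jre") is used here.
ASCII_MARKERS = (b"-Xms", b"-Xmx", b"Runtime used:", b"\\jre")

# The report lists "Laun" and "ch4j" as separate strings: a compare against
# two 32-bit immediates leaves the halves a few opcode bytes apart in the
# code, so a search for contiguous "Launch4j" can miss them.
SPLIT_MARKER = (b"Laun", b"ch4j")


def find_split_marker(data: bytes, halves=SPLIT_MARKER, max_gap: int = 32) -> int:
    """Return the offset of the first half when the second half follows it
    within max_gap bytes, else -1."""
    first, second = halves
    for m in re.finditer(re.escape(first), data):
        if second in data[m.end(): m.end() + max_gap]:
            return m.start()
    return -1


def launch4j_indicators(data: bytes) -> dict:
    """Map each indicator found in the image to its first offset."""
    hits = {m.decode(): data.find(m) for m in ASCII_MARKERS if m in data}
    split_at = find_split_marker(data)
    if split_at >= 0:
        hits["Launch4j(split)"] = split_at
    if b"Launch4j" in data:
        hits["Launch4j"] = data.find(b"Launch4j")
    return hits


def is_launch4j_stub(data: bytes, min_hits: int = 3) -> bool:
    """Verdict: MZ header, the Launch4j tag (contiguous or split) and at
    least min_hits indicators overall. The threshold is an assumption."""
    if data[:2] != b"MZ":
        return False
    hits = launch4j_indicators(data)
    has_tag = "Launch4j" in hits or "Launch4j(split)" in hits
    return has_tag and len(hits) >= min_hits


# Constructed stand-in for the stub's code and data (not sample bytes):
# an MZ header, then "cmp dword ptr [eax], 'Laun'; jne; cmp [eax+4], 'ch4j'",
# then the option strings the report lists.
STUB_LIKE = (
    b"MZ" + b"\x00" * 62
    + b"\x81\x38" + b"Laun"                # 81 38 imm32: cmp [eax], 'Laun'
    + b"\x75\x10\x81\x78\x04" + b"ch4j"    # jne; 81 78 04 imm32: cmp [eax+4], 'ch4j'
    + b"\x00" * 16
    + b"Runtime used:%s (%s-bit)\x00-Xms\x00-Xmx\x00@\x00"
    + b"C:\\path\\to\\jre\x00"
)
# Constructed benign image: a JVM option string alone is not enough.
BENIGN_LIKE = b"MZ" + b"\x00" * 62 + b"Hello, world\x00-Xmx512m\x00"

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else STUB_LIKE
    print(launch4j_indicators(blob))
    print("launch4j-style stub:", is_launch4j_stub(blob))
```

Run it as `python triage.py install.exe` against a dropped file; without an argument it runs on the constructed buffer. A positive verdict only says the file is a generic wrapper, so the next step is to look at what it launches (the classpath and main class on the child javaw command line), not at the stub itself.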
APIs
Memory Dump Source
• Source File: 00000006.00000002.2301704153.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.2301686978.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301721482.0000000000409000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301745608.0000000000412000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.2301790428.0000000000414000.00000008.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_install.jbxd
Similarity
• API ID: strlen$strchrstrncpy
• String ID:
• API String ID: 4793283-0
• Opcode ID: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
• Instruction ID: 1041cfa0432d9ad742072a7b848d71ebc1d8de872eff087a6a568f2cbe167894
• Opcode Fuzzy Hash: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
• Instruction Fuzzy Hash: 0E11D3B8D04728ABCB009F55C5841AEFBB1EF48310F1684AAE8547B381C779AA41CBC6